Tandem employs the highest level of security on your workforce data


1. Authentication service is SOC 2 Type II certified - encryption, password hashing:

Prevent critical identity data from falling into the wrong hands. We never store passwords as clear text - they are always hashed (and salted) securely using bcrypt.

2. Password Complexity:

Capable of enforcing five levels of password complexity, as well as custom rules implementing OWASP recommendations and more.

3. Attack Prevention, Mitigation:

Built-in rate limiting and automated blocking features to mitigate advanced denial of service or authentication attacks.

4. Account Verification:

Safeguard your users with default email verification at account creation time and during password resets.

5. Data encrypted in transit and at rest across the application:

Data at transit is encrypted with a state of the art 2048bit RSA Keys. The encryption at rest is the industry standard AES-256 algorithm with key management infrastructure consistent with National Institute of Standards and Technology (NIST) 800-57 recommendations and uses cryptographic algorithms approved by Federal Information Processing Standards (FIPS) 140-2.