How does Lucca create secure connections to its HR software?

Lucca operates as a SaaS (Software as a Service) provider, delivering online HR solutions accessible from any device with an internet connection.

These services are accessible from any location, from a PC, a tablet or even via Android and iOS mobile apps. Employees can easily manage tasks like submitting holiday requests or expenses from anywhere, enhancing convenience and efficiency.

Lucca's secure platform: continuous improvement in security

Data protection is crucial in SaaS HR software. Lucca continually enhances its security measures to guard against external threats and secure software connections. Our platform undergoes regular audits by external experts, and we monitor all traffic for anomalies.

From the customer's perspective, our data security encompasses a three-pronged approach:

  • Authentication: ensuring legitimate access through password protection or Single Sign-On (SSO)
  • Detailed rights management: defining which employees can access specific data
  • Customer isolation: each client has access only to their own database

From Lucca's perspective, we prioritize customer data security:

  • Traffic protection: all data traffic is secured with firewalls and proactive attack detection
  • Secure protocols: all communications use HTTPS for encryption
  • Private cloud hosting: our applications are hosted in a secure, certified private cloud (OVH)
  • Ongoing audits: regular external audits assess our security measures
  • Vulnerability testing: we conduct internal workshops to identify potential weaknesses
  • Development security: each new feature undergoes validation for security and scalability
  • Infrastructure monitoring: continuous oversight of security vulnerabilities and timely patching
  • Data backups: we maintain secure backups of customer data for 30 days
  • Workstation security: safeguards are in place for both premises and employee workstations

Lucca's security policy safeguards connections between software

Our internal teams and external independent organizations conduct regular penetration tests to assess the security level of applications and infrastructure. These tests, initiated by either our customers or Lucca, are carried out by approved third-party security experts or directly by our internal security department. Each year, we enhance our testing protocols, allowing us to perfect the set of security measures that protect user data.

In 2022, Lucca achieved ISO 27001 certification, demonstrating our ability to identify security threats, control data risks and ensure data protection.

On an ongoing basis, Lucca improves and reinforces its platform's protection measures, traceability and impact analysis, and has set up a validation process for every new development inherent to the life of a SaaS provider, in order to always guarantee data protection.

Securing access to the platform with an application firewall

Our application firewall protects Lucca against common attacks such as SQL injection and XSS, which are among the most dangerous for companies. This firewall analyzes incoming requests and blocks any attempted attack. Today, we can detect this type of operation instantly and assess whether the attack is legitimate or not (for example, when it originates from a security audit).

Authentication is a key element in securing connections for human resources software in a SaaS solution

Lucca has set up a configurable password policy to meet the requirements of each customer's security policy.

We are also compatible with various Single Sign-On (SSO) solutions available in the market, allowing us to delegate the authentication of our solutions to third-party services (like Google, Microsoft, etc.) for customers who prefer to centralize all their login credentials.

For mobile applications, security policies mirror those of our web platform, utilizing secure, one-time codes for additional protection when SSO is enabled.

Password management

Lucca uses a proven, well-known password hashing algorithm whose slowness (work factor) can be configured. From the password hash (fingerprint) stored on our platform, it is impossible to recover the original password. These hashes therefore cannot be used to trace back the original password; they only allow confirming that a password supplied at login is correct.

In other words, passwords themselves are never stored on our platform; only their hashes are.

We also empower customers to define their password policies, including character requirements and expiration dates.

Secure integration of human resource software in the customer information system

Secure integration with customer systems

A SaaS solution is by definition separate from the customer's information system. Integration with the latter is therefore a major factor in the success of the solution.

Our web and mobile solutions are based on REST (representational state transfer) APIs (application programming interfaces). Our customers can use these APIs via dedicated security tokens with configurable permissions, allowing integration with their information systems.

Additionally, our applications can be synchronized with customer systems via file import and export mechanisms, with files deposited on secure FTP servers or generated directly by authorized users at our clients' premises.

Data exchanges between Lucca solutions and other software, such as payroll or accounting solutions, are secure.

Reliable and secure updates of HR solutions

Lucca rolls out updates to its HR software every week and improvements every evening or even during the day in a transparent manner, benefiting from a single codebase used by all customers. Lucca's responsiveness on both the security and application sides enables it to offer the best possible experience to its customers.

A QA (Quality Assurance) team guarantees non-regression on the main functionalities of our solutions. This automated validation is carried out before each release of upgrades and is complemented by manual acceptance tests written by the product design teams.

The security of the data collected by the Lucca product range is essential to ensure the reliability of the data transmitted to the payroll and accounting software.