
Security and Reliability Safeguards

At BizMerlin, we know that our customers rely on us as an important part of their business processes and record keeping.  We take our responsibilities to our customers seriously, and the security and reliability of the software, systems, and data that make up the BizMerlin application are our top priority.


  • SSL: All information traveling between your browser and BizMerlin is protected from eavesdroppers with SSL encryption. The lock icon in your browser lets you verify that you aren’t talking to a phishing site impersonating BizMerlin and that your data is secure in transit.
  • Firewalls: We use server-level firewalls to protect our infrastructure from outside threats. We allow specific IP and port-based access to our servers.
  • Vulnerability scanning: We use AWS vulnerability tools like AWS Inspector and AWS Test Advisor. These scans test our servers both from the Internet and from inside our network, and any newly identified problems are addressed as quickly as possible.
  • Strong encryption: BizMerlin uses industry-standard encryption protocols and practices to responsibly transmit any sensitive information.


All of our security controls and risk analysis are based around the premise of protecting customer data. In addition to encryption, our customer data security controls include:

  • Who has access to customer data? – BizMerlin’s access to customer data is highly restricted, and access requests by our support personnel follow a highly controlled and documented process. Before access is granted, employees must complete special security training to handle customer data. We conduct periodic user access reviews to ensure that unwanted access does not stay open.
  • Who did what, when and where? – All activity is logged in a protected system.
  • How are incidents reported? – BizMerlin is SOC compliant and therefore follows a strict incident response process designed to handle customer data incidents.
  • Are our employees trained to handle data? – Yes, all BizMerlin employees are required to participate in security training.


  • Backup servers and data centers: The BizMerlin infrastructure uses AWS storage and servers to keep the application and your data available and safe at all times. Every server has backup servers, and we continuously back up the database.
  • Responsible Disclosure of Security Vulnerabilities: If you are a security researcher and think you’ve found a security vulnerability in our service, product, or website, please visit our Responsible Disclosure Policy page.

Third-Party Certifications and Audits

Third-party certifications and audits are an important component of any mature security program. We have a number of respected third-party agencies that certify and audit our environment.

BizMerlin’s certifications, compliances, and audits include:

  • SOC2 Type 1
  • Privacy Shield

BizMerlin hosts its data using Amazon Web Services (AWS), which is also SOC 2 certified.

Certifications with the Department of Commerce


BizMerlin has achieved EU-US and Swiss-US Privacy Shield certification with the US Department of Commerce.

Other Relevant Certifications

The BizMerlinHR cloud is hosted in an AWS environment using services that comply with ISO/IEC 27001:2013, 27017:2015, 27018:2019, ISO/IEC 9001:2015, and CSA STAR CCM v3.0.1.

GDPR Compliance

Our comprehensive GDPR program is supported by key privacy principles — Accountability, Privacy by Design and Default, Data Minimization, Subject Access Rights, among others.  Below are some aspects of the GDPR program at BizMerlin, and how our products support customers in meeting their compliance obligations.

Read BizMerlin’s Commitment to GDPR.

Registration and Operating Laws

BizMerlin is registered in the Commonwealth of Virginia, United States of America.  Company headquarters are in Reston, Virginia.  For more details, please see the contact page.  BizMerlin operates under the laws of the Commonwealth of Virginia and the federal regulations of the US.

Location of Servers and Data

BizMerlin uses Amazon Web Services (AWS) resources located in many different regions. To see the various AWS regions, please see the relevant AWS documentation. If you would like to request that a server located in a specific region be used to serve your users, it is possible to do that for a fee. Please get in touch with your account manager.