
Security FAQ

General Security

Is https used for all web connections?

Yes – HTTPS is forced on for all connections to *.ento.com URLs. Any time data leaves our trusted network (AWS), it is sent across secure protocols: HTTPS, SMTP, SFTP etc.

What level of password security is used?
Stored passwords are hashed via SHA256 using both a static salt and a rolling dynamic salt.
Passwords are transmitted over SSL with TLS 1.2.

Does Ento undergo security testing/auditing via an independent third party?
Ento regularly undertakes independent penetration testing via Pure Hacking Pty Ltd.
Detailed results are available upon request under non-disclosure agreement.
Ento is also a registered Digital Service Provider with the ATO. The requirements for this include aligning ourselves with the standards under OWASP ASVS Level 2 and the Australian Cyber Security Centre Government Information Security Manual.

What are Ento’s security compliance details?
The AWS infrastructure Ento runs on is ISO 27001 and PCI DSS L1 compliant. To learn more about security compliance on the AWS platform, follow this link.

What measures does Ento take to avoid system exploits?
Using AWS’ Virtual Private Cloud EC2 platform, all Ento applications are built on security-focused frameworks to prevent common web exploits such as SQL injection & XSS.

How are Ento users authenticated and is there a single sign on option?
By default, users are able to log in with a username (email address, employee ID, mobile number or other identification token) and/or password. Alternatively, we support an SSO integration using the SAML2 protocol (configuration required at a cost).

What is Ento’s process for reporting security breaches / incidents to customers?
Any security events are immediately escalated to our Head of Engineering on detection. Key personnel are on-call at all times, and relevant teams are rapidly notified and assembled to address the event.
Once investigated and resolved, a detailed written retrospective review and root-cause analysis is completed. This is reviewed at an executive level, and any preventative action items/next steps are distributed company-wide.
In the case of a security breach where customer data is exposed, Ento will promptly notify all affected clients & users.

Can I request more information?
Complete transparency around our disaster recovery and security processes would in itself represent a security risk. Additional information may be provided on a case by case basis, with a strict non-disclosure agreement in place.

Disaster Recovery & Backups

What disaster recovery procedures are in place?
Customer Data is stored redundantly at multiple locations in our hosting provider’s data centers to ensure availability. We have well-tested backup and restoration procedures, which would enable recovery from a major disaster. Customer data and Ento’s source code are automatically backed up nightly should live redundancy fail.
Backups are fully tested at least every 90 days to confirm that our processes and tools work as expected.

What is Ento’s Recovery Time Objective (RTO) in a DR event?
Ento’s RTO is 4 hours. A disaster-recovery event can only be initiated by Ento’s Head of Engineering, or an authorised representative.

Data access groups and permissioning

What are Ento access groups, and how do they work?
Ento’s unique configurable access groups define the data a user can access within the system. This is used to facilitate access in line with not only typical corporate structures (eg: national, state, region, store, cost centre) but also non-hierarchical groups such as multi-site franchisees, and divisions that span multiple geographic locations.
Using a complex franchise business as an example, Ento can be configured so that a state franchise performance manager can access the relevant state, a franchisee with 3 locations would be able to access all 3 relevant locations (regardless of ABN-split), while a store manager’s access is limited to only his/her store.
Ento is the only WFM platform with the ability to group a multi-structured tenancy environment in a single client platform. Access groups are effectively unlimited in flexibility and automatically cascade into live reporting, analytics, dashboards and reports.
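
A minimal model of the access-group behaviour described above, as an added example rather than Ento's own code. The org tree, store names, group names and the `can_access` / `visible_stores` helpers are hypothetical, and it assumes a grant on a node cascades to everything beneath it but never upwards.

```python
from dataclasses import dataclass

# Constructed org tree (child -> parent): national > state > store.
PARENT = {
    "VIC": "National", "NSW": "National",
    "Store-Melbourne": "VIC", "Store-Geelong": "VIC",
    "Store-Sydney": "NSW", "Store-Newcastle": "NSW",
}
KNOWN_NODES = set(PARENT) | set(PARENT.values())
STORES = sorted(n for n in PARENT if n.startswith("Store-"))


@dataclass(frozen=True)
class AccessGroup:
    name: str
    nodes: frozenset  # nodes granted directly; need not share a branch


def ancestors(node):
    """Yield the node itself, then each parent up to the root."""
    while node is not None:
        yield node
        node = PARENT.get(node)


def can_access(groups, node):
    """Default deny: allow only if the node or one of its ancestors is granted."""
    if node not in KNOWN_NODES:
        return False
    granted = set().union(*(g.nodes for g in groups))
    return any(a in granted for a in ancestors(node))


def visible_stores(groups):
    """Stores a user with these groups can see, e.g. to scope a report."""
    return [s for s in STORES if can_access(groups, s)]


# The three roles from the franchise example, with constructed locations.
STATE_MANAGER = [AccessGroup("VIC performance", frozenset({"VIC"}))]
FRANCHISEE = [AccessGroup("Franchisee A", frozenset(
    {"Store-Melbourne", "Store-Sydney", "Store-Newcastle"}))]
STORE_MANAGER = [AccessGroup("Geelong store", frozenset({"Store-Geelong"}))]

if __name__ == "__main__":
    for label, groups in [("state manager", STATE_MANAGER),
                          ("franchisee", FRANCHISEE),
                          ("store manager", STORE_MANAGER)]:
        print(label, visible_stores(groups))
```

The franchisee's group spans two states without granting either state node, which is the non-hierarchical case; the same `visible_stores` filter is what any report or dashboard query would need to apply for the scoping to cascade.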

What are Ento permissions, and how do they work?
Permissions for Managers and Staff in Ento are our way of defining what each user group can do within the Ento platform. Permission profiles are UI-configurable, and allow granular control (at a per-person level – if so desired!) of everything from manager cost visibility and timesheet approval chains, to staff clock-in rounding rules and leave-request limitation. This allows flexibility while maintaining core compliance controls.
