February 3, 2025 4 min read

Enterprise-Grade Security and Compliance

Jelena Rašula, Product Marketing Manager

Gecko HRM

Since Gecko HRM is built on Salesforce technology, it adheres to the highest data protection standards.

You can rest assured that your data is protected by top-class data encryption, threat detection, audit trails, and multi-factor authentication (MFA). Granular permission controls are pre-built; you can control who sees which data and monitor access to data. That’s why we can easily say that Gecko is a highly secure SaaS Platform.

At Gecko, we do not allow any trade-offs regarding the reliability, security, and compliance of our solutions. Being part of the outstanding Salesforce ecosystem since 2010, we have high-security awareness and data safety built into our culture and our processes.

Marko Perme, CEO

Made in EU With Expertise in HR and Advanced Enterprise Software Development

At Gecko HRM, we prioritise our customers by maintaining a robust security programme supported by extensive controls, policies, and third-party certifications, including ISO 27001, to protect your most sensitive information.

With our solutions being implemented in over 30 countries, we are proud to state that Gecko HRM customers benefit from the following:

  • Strong information security,
  • Role-based access controls to ensure only authorised users can view sensitive data,
  • Customisable access options, and
  • Audit tools to track who accessed or edited information and when.

EU DORA-Compliant HR Solution

The Digital Operational Resilience Act (DORA) is an EU regulation aimed at enhancing the digital operational resilience of financial entities, ensuring they can withstand, respond to, and recover from ICT-related disruptions and threats. 

DORA entered into force on January 16, 2023, and became fully applicable on January 17, 2025. 

DORA applies to a wide range of financial entities, including banks, insurance companies, investment firms, and crypto-asset service providers, as well as their critical ICT third-party service providers.

Gecko HRM is recognised by industry leaders as a trusted solution for financial institutions. Our impressive list of clients from the financial sector includes Bank of Slovenia, Gorenjska banka, J&T bank, and Lovćen bank, along with insurance companies Triglav and Generali, who trust Gecko HRM for their HR needs.

Marko Perme, CEO

The DORA regulation introduces several key requirements:

  • ICT Risk Management: Financial entities must implement comprehensive frameworks to manage ICT risks effectively. 
  • Incident Reporting: Entities are required to establish mechanisms for reporting major ICT-related incidents to competent authorities. 
  • Digital Operational Resilience Testing: Regular testing of digital operational resilience is mandated to ensure preparedness against disruptions. 
  • ICT Third-Party Risk Management: There is an emphasis on monitoring and managing risks associated with ICT third-party service providers. 
  • Information Sharing: Encourages the exchange of information and intelligence on cyber threats among financial entities.
  • Oversight of critical third-party providers.

Source: European Insurance and Occupational Pensions Authority (EIOPA) 

Gecko HRM is designed with DORA in mind, offering advanced modules like Event Monitoring and detailed compliance reporting to meet the highest regulatory standards.

Robust Data Compliance and High-Security Standards

Being built on Salesforce technology, Gecko HRM also benefits from the security of its ecosystem. Salesforce’s ongoing efforts ensure that they meet the latest industry standards, comply with European data regulations, and address evolving global security challenges, which include:

  • ISO 27001: An international standard specifying requirements for establishing, implementing, maintaining, and improving an information security management system.
  • ISO 27017: Provides guidelines for information security controls specifically tailored to cloud services, ensuring secure cloud environments.
  • ISO 27018: Focuses on the protection of personally identifiable information (PII) in cloud computing, ensuring privacy and compliance with global data protection laws.
  • SOC 1: Verifies that controls over financial reporting processes are effectively designed and operate as intended.
  • SOC 2: Assesses and certifies that an organisation’s systems meet strict criteria for security, availability, processing integrity, confidentiality, and privacy.
  • SOC 3: A public report of security, availability, integrity, confidentiality and privacy controls.
  • GDPR Compliance: Ensures that organisations handle personal data in line with the EU’s General Data Protection Regulation, which mandates strict rules for data collection, storage, processing, and sharing to protect individuals’ privacy.

Source: Salesforce Compliance, 2025

Our disaster recovery and business continuity planning (BCP) plans and processes help us quickly recover operations and maintain business continuity after unexpected events such as cyberattacks, natural disasters, or system failures.

Since Salesforce technology has a built-in Salesforce Shield solution, our Gecko HRM also ensures trust, transparency, compliance, and governance across your customer and employee-related processes.

Marko Perme, CEO

Our technical and organisational measures are designed to protect personal data’s confidentiality, integrity, and availability. These measures include access control, information classification, physical and environmental security, data backup, malware protection, and communication security. We regularly review and update these measures to address emerging threats and ensure ongoing compliance.

Employee Training and Awareness

We believe that data security is a collective responsibility. Therefore, we invest in regular training and awareness programs for our employees to ensure they understand the importance of data protection and are equipped to handle personal data responsibly. This commitment to continuous improvement fosters a culture where data security is integral to our daily operations.

Client Collaboration

We work closely with our clients to ensure that our data protection measures align with their expectations and legal requirements. Our transparent approach builds trust and ensures that data security and compliance are maintained throughout our collaborations.

In summary, data security and compliance are fundamental to our culture and processes. Through comprehensive policies, robust technical measures, employee training, and client collaboration, we strive to protect personal data and maintain the highest standards of data protection.

About the author

Jelena Rašula, Product Marketing Manager

Jelena Rašula is the Product Marketing Manager at Gecko HRM, where she combines her passion for innovative technology with a deep understanding of the HR industry. With a keen interest in reshaping how businesses approach workforce management, Jelena leads impactful marketing initiatives that highlight the transformative power of HR tech.
