
Human Risk Management (HRM) Data Processing Overview

Written by Shailanchal Uniyal
Updated over 3 weeks ago

Introduction

This document outlines how personal data is collected, processed, and retained within our HRM systems, with a focus on the technical implementation, data ingestion processes, and alert management for mapped users.

Data Ingestion Architecture

Technical Implementation

Our HRM system ingests data as logs from customer-enabled integrations. The system processes only events explicitly enabled by customers in their integration configuration. This selective ingestion ensures we only collect and process data relevant to human risk management and nothing excessive.

Event Classification & Processing

  • Mapped Events: Events directly correlated to an email address of a user who exists in the system

  • Unmapped Events: Events not correlated to an existing user email in the system

  • Data Minimization: We only process events relevant to human risk management (clicks, file executions, malware detections, behavioral anomalies, data loss events, etc.)

  • Events of No Interest: Logs are automatically purged from the system within 30 days

  • Retention of Mapped Events: Retained for the duration needed for risk analysis while license is active

Alert Management

User Alert Visibility

Only alerts for mapped users are displayed in the portal. Alerts generated for users who are not mapped in the portal are ignored and not displayed. This ensures that customers only see relevant security alerts for users they have provisioned in the system.

Alert Processing Workflow

  1. System ingests logs from security tools

  2. Events are classified as mapped or unmapped

  3. Only mapped events generate visible alerts

Integration Safety

Secure Integration Framework

Our integration architecture is designed with security as a priority, ensuring safe connection with various security tools:

  • Encrypted Connections: All data transfers use TLS 1.2+ encryption

  • API Authentication: Secure token-based authentication for all integrations

  • Minimal Permissions: All integrations require only read access to specific event logs

  • Data Filtering: Pre-processing filters ensure only relevant data is transferred

  • Audit Logging: All data access through integrations is logged for security purposes

User Information Processing

| Category | Data Elements | Purpose | Retention |
|---|---|---|---|
| Customer Information | Customer Name; Customer Email; Address; Postal Address | Product Administration: Providing licenses and general account management | Not Applicable |
| Administrator Information | Administrator Name; Administrator Email | Enable administrator access to the cyber-ready.right-hand.ai administrator portal and service operations | Removed 90 days after license expiration |
| Employee Information | Employee Name; Employee Email; Department; City; Office Location | Email serves as primary employee identifier for assignments and campaign exposure; Department, City, and Office Location are used for user administration | Data retained while license is active. Information is purged after 90 days of account removal |

Technical Identifiers

| Category | Data Elements | Purpose | Retention |
|---|---|---|---|
| IP Addresses | User IP addresses configured to HRM | User identification from events; Collection of user IPs during phishing email interactions to identify false positives | For HRM, information is retained while the license for HRM is active. Data is purged 90 days after license expiry. For simulations, the data is retained while the license for the product is active and removed 90 days after license expiry. |
| MAC Addresses [HRM Only] | Device MAC addresses | User identification from events | For HRM, information is retained while the license for HRM is active, and data is purged 90 days after license expiry. |
| Company Identifiers [HRM Only] | Usernames, Employee IDs | User identification from events | For HRM, information is retained while the license for HRM is active, and data is purged 90 days after license expiry. |
| Device Identifiers [HRM Only] | Device-specific identifiers | User identification from events | For HRM, information is retained while the license for HRM is active, and data is purged 90 days after license expiry. |

Integrated Products & Communication

| Category | Data Elements | Purpose | Retention |
|---|---|---|---|
| Event Logs [HRM Only] | Logs from integrated security products | Processing to extract information for personalized training and micro-learning | 30 days from date of log transfer to HRM product |
| Communication Channel Availability | Employee availability status on: Slack; MS Teams | Enable delivery of micro-learning through appropriate communication channels; Delivery of training communication and reminders | Retained while integration is active. Information is removed on integration removal |

For more information about our data processing practices, please contact your account representative.
