Once paperwork is signed, we’ll give you access to our SFTP site where you can grab our latest release for your current D365 F&SCM version.  We also host our user guide, some sample templates, and other helpful documentation on the site.

This lives as a module within D365 F&SCM (Finance and Supply chain Management).

Since the module lives within D365 F&SCM (Finance and Supply chain Management) your data all lives within your existing solution – we do not host any of your data or any of these processes.

DHRP’s products like Recruitment, Onboarding, Learning Management System, Performance Management can deploy in the following manner:

1. On the client’s Azure Tenant as a New Application, where the data is in full control of the client.
2. On DHRP’s Azure Tenant as a New Application, where the App’s has a separate database dedicated for the client.

All the applications, data, code still either in D365 Finance and Supply Chain management instance controlled by Microsoft and the client or it sits within the Azure tenant and Azure instance controlled by the client, hence, DHRP sits behind Microsoft Azure’s data residency and data backups.

DHRP’s add-ons are architected as native D365 F&SCM extensions and do not introduce an independent attack surface. Security is structured across multiple layers: 

1. Access Control & Identity User Application Hardening: DHRP integrates fully with D365’s Role-Based Access Control (RBAC) model. Access to all DHRP functionality is governed by D365 security roles, duties, and privileges, using the identity and access management framework Microsoft Entra ID (Azure AD). 
   
   
2. Least Privilege & Segregation of Duties: DHRP ships pre-configured security roles aligned to the principle of least privilege. These roles are designed to support Segregation of Duties (SoD) controls critical for finance and supply chain compliance and can be further refined to meet your organisation’s specific access policies. 
   
   
3. Application-Level Access Control: For sensitive or restricted processes, DHRP provides an additional form-level password protection mechanism within D365. This acts as a compensating control for high-risk operations where an extra authentication step is warranted beyond role-based access.  
   
   
4. Data Residency & Sovereignty: DHRP does not host, process, or transmit any customer data outside your D365 tenant. All data remains within your Microsoft Azure region for Australian customers. This means data stays within Azure Australia East / Southeast datacentres, which hold IRAP PROTECTED assessment. 
   
   
5. No Persistent External Connectivity: DHRP add-ons operate entirely within the D365 application layer. There are no external API calls, no third-party data pipelines, and no telemetry transmitted outside your environment, eliminating a common ISV risk vector. 

DHRP holds ISO 27001:2022 certification: the internationally recognised standard for Information Security Management Systems (ISMS). This covers our internal development practices, change management, risk management, and supplier controls. 

Since DHRP’s solutions run entirely within your Microsoft-hosted D365 environment, your organisation also inherits the full weight of Microsoft’s compliance portfolio, which includes: