We’re serious about security and data protection
HR software and data go hand-in-hand. That means data protection is a consideration in everything we do. We value your trust and know it must be earned. That’s why we follow industry best practices and transparently communicate our data management policies.
HiringThing maintains rigorous compliance processes and procedures to keep client data secure. In addition to third-party penetration testing and regular vulnerability scans, our compliance program includes:
- SOC 2 compliance: SOC 2 is a rigorous third-party audit for service providers that handle customer data. It assesses the controls an organization has in place to protect the security and privacy of client data and the interests of the organization.
- GDPR & CCPA compliance: We support our clients' own GDPR and CCPA compliance efforts, whether by building on our existing security infrastructure or by offering custom solutions on a client-by-client basis.
- Bug bounty program: This program encourages security researchers to find bugs in our software and report them to us responsibly in exchange for a monetary reward.
- Use of AWS data centers: AWS's data centers and underlying infrastructure hold major certifications and attestations, including ISO 27001, SOC 2, and PCI DSS Level 1.
HiringThing vigilantly adheres to industry best practices, which include:
- Unauthorized requests to our internal network are blocked with network access control lists; these controls apply to staff and client traffic alike.
- All data sent to or from our services is encrypted in transit.
- Access to application data is closely monitored. All production access is logged and audited.
Our Business Continuity/Disaster Recovery Plan covers backup and recovery from all major incidents or disasters.
- Our services are hosted in the cloud across multiple Amazon Web Services (AWS) data centers, so that service continues for our clients if a single data center fails.
- We run regular backups to minimize the loss of data.
- Regular BC/DR tests surface weaknesses in our recovery process before a real incident does.
- We notify users in advance of any maintenance downtime; such downtime is rare and is scheduled during off-peak hours.
- A live status page notifies users of any current issues impacting clients.
Incident Management & Response
Our security management program, including our response to any incident, is monitored and assessed on a regular basis. Our goal is to minimize the disruption of business activities for HiringThing and our clients.
- An executive-level security committee regularly convenes to discuss issues, monitor compliance, and keep security top-of-mind within the organization.
- Our Incident Management team meets regularly to assess recent incidents and trends.
- We’re committed to notifying users of any breach within 72 hours.
- Regular risk assessments are conducted.
Logging & Monitoring
HiringThing vigilantly monitors all account activity. Our audit trails and monitoring processes verify that access to systems is authorized and that information assets remain unaltered.
- Logs are monitored and analyzed for metrics, integration availability, and more.
- Our application logs all user activity, with particular attention to account logins.
- System access events, including login successes and failures as well as transactional and domain-level events, are carefully monitored.
- Activity in our AWS accounts is logged and audited.
HiringThing staff are well trained in our security procedures, and we take care to ensure that security stays top of mind for everyone.
- Internal security training, with regular refresher courses, is conducted for all staff.
- Background checks are conducted for all employees and contractors.
- Threat simulations, such as phishing campaigns, are conducted quarterly; anyone who fails receives follow-up training.