Overview

Here at HiringThing, we take security and data protection seriously. After all, data and HR software go hand-in-hand. That means data protection is a part of everything we do, from our compliance audits and data encryption to how we train our own employees. Our goal is to be open and transparent about what data is collected, what we do with it, and how we protect it. Questions? Contact security@hiringthing.com.

Compliance

HiringThing is proud to follow rigorous compliance processes and procedures to ensure our client data is secure. In addition to third-party penetration testing and regular vulnerability scans, our compliance program includes:

  • SOC 2 compliance: SOC 2 is a rigorous auditing procedure for service providers that manage client data, covering the protection of client privacy and the interests of the organization.
  • Bounty program: This program encourages individuals to find bugs in our software and report them to us in exchange for a monetary reward.
  • Use of AWS data centers: AWS cloud security is compliant with major certifications, including ISO 27001, SOC 2, PCI Level 1, and more.

Data Encryption

HiringThing vigilantly adheres to industry best practices, which include:

  • Unauthorized requests to our internal network, which is used by both our staff and our clients, are blocked with network access control lists.
  • Data sent to or from us is encrypted in transit.
  • Application data is closely monitored. All production access is logged and audited.

Dependable

Our Business Continuity/Disaster Recovery Plan covers backup and recovery from all major incidents or disasters.

  • Our services are hosted in the cloud across multiple data centers using Amazon Web Services (AWS) facilities, which keeps our service available to clients in the unlikely event that a data center fails.
  • We run regular backups to minimize the loss of data.
  • Regular BC/DR tests notify us of potential weaknesses in our recovery process.
  • We notify users of any maintenance downtime, which is rare and generally scheduled during off-peak hours.
  • A live status page notifies users of any current issues impacting clients.

Incident Management & Response

Security management, including responses to any incidents, is monitored and assessed on a regular basis. Our goal is to minimize the disruption of business activities for HiringThing and our clients.

  • An executive-level security committee regularly convenes to discuss issues, monitor compliance, and keep security top-of-mind within the organization.
  • Our Incident Management team meets regularly to assess recent incidents and trends.
  • We’re committed to notifying users of any breach within 72 hours.
  • Regular risk assessments are conducted.

Logging & Monitoring

HiringThing vigilantly monitors all account activity. Our audit trails and monitoring processes ensure that access to systems is controlled and that information assets remain intact and unaltered.

  • Logs are monitored and analyzed for metrics, integration availability, and more.
  • Our application logs all user activity, with particular emphasis on account logins.
  • System access events (login successes and failures, as well as transactional and domain-level events) are carefully monitored.
  • AWS accounts are logged and audited.

Personnel

HiringThing staff are well trained in our security procedures. We take care to ensure that security is top of mind for all staff.

  • Internal security training, with refresher courses, is conducted on a regular basis.
  • Background checks are conducted for all employees and contractors.
  • Threat simulation tests, such as phishing campaigns, are conducted quarterly, with follow-up training for anyone who fails.