SECURITY
We’re serious about security and data protection
HR software and data go hand-in-hand. That means data protection is a consideration in everything we do. We value your trust and know it must be earned. That’s why we follow industry best practices and transparently communicate our data management policies.
Compliance
- SOC 2 compliance: SOC 2 is a rigorous auditing procedure that checks how service providers manage data to protect the privacy of clients and the interests of the organization.
- Bounty program: This program encourages individuals to find bugs in our software and report them to us in exchange for a monetary reward.
- Use of AWS data centers: AWS cloud security is compliant with major certifications, including ISO 27001, SOC 2, PCI Level 1, and more.
Data Encryption
HiringThing vigilantly adheres to industry best practices, which include:
- Unauthorized requests to our internal network are blocked with network access control lists, which are used by both our staff and our clients.
- Data sent to or from us is encrypted in transit.
- Application data is closely monitored. All production access is logged and audited.
Dependable
Our Business Continuity/Disaster Recovery Plan covers backup and recovery from all major incidents or disasters.
- Our services are hosted in the cloud and in multiple data centers using Amazon Web Services (AWS) facilities, which ensures ongoing functionality for our clients on the off chance a data center should fail.
- We run regular backups to minimize the loss of data.
- Regular BC/DR tests notify us of potential weaknesses in our recovery process.
- We notify users of any maintenance downtime, which is rare as it generally occurs during off-peak hours.
- A live status page notifies users of any current issues impacting clients.
Incident Management & Response
Security management, including responses to any incidents, is monitored and assessed on a regular basis. Our goal is to minimize the disruption of business activities for HiringThing and our clients.
- An executive-level security committee regularly convenes to discuss issues, monitor compliance, and keep security top-of-mind within the organization.
- Our Incident Management team meets regularly to assess recent incidents and trends.
- We’re committed to notifying users of any breach within 72 hours.
- Regular risk assessments are conducted.
Logging & Monitoring
HiringThing vigilantly monitors all account activity. Our audit trails and monitoring processes ensure that access to systems is secure and that information assets remain unaltered.
- Logs are monitored and analyzed for metrics, integration availability, and more.
- Our application logs all user activity, with an emphasis on account logins.
- System Access Events (login successes and failures, as well as transactional and domain-level events) are carefully monitored.
- AWS accounts are logged and audited.
Personnel
HiringThing staff is well-trained in our security procedures. We take care to ensure that security is top of mind for all staff.
- Internal security training, with refresher courses, is performed on a regular basis.
- Background checks are conducted for all employees and contractors.
- Regular threat simulation tests, such as phishing campaigns, are conducted quarterly, with follow-up training for any failures.