Security

  •  0
  •  0

We’re serious about security and data protection

HR software and data go hand-in-hand. That means data protection is a consideration in everything we do. We value your trust and know it must be earned. That’s why we follow industry best practices and transparently communicate our data management policies.

Security & Reliability

Compliance

HiringThing is proud to take on vigorous compliance processes and procedures to ensure our client data is secure. In addition to third-party penetration testing and regular vulnerability scans, our compliance policy includes:

  • SOC 2 compliance: SOC 2 is a vigorous auditing procedure for service providers that manages their data to protect the privacy of clients and the interests of the organization.
  • GDPR & CCPA compliance: We’re able to support our clients in their individual compliance efforts. Whether we can meet their needs by building out our existing security infrastructure or offering custom solutions on a client-by-client basis, we’re proud to help our clients attain their objectives.
  • Bounty program: This program encourages individuals to find bugs in our software and report them to us in exchange for a monetary reward.
  • Use of AWS data centers: AWS cloud security is compliant with major certifications, including ISO 27001, SOC 2, PCI Level 1, and more.

Data Encryption

HiringThing vigilantly adheres to industry best practices, which include: 

  • Unauthorized requests to our internal network are blocked with network access control lists, which are used by both our staff and our clients.
  • Data sent to or from us is encrypted in transit.
  • Application data is closely monitored. All production access is logged and audited.

Dependable

Our Business Continuity/Disaster Recovery Plan covers backup and recovery from all major incidents or disasters.

  • Our services are hosted in the cloud and in multiple data centers using Amazon Web Services (AWS) facilities, which ensures ongoing functionality for our clients on the off chance a data center should fail.
  • We run regular backups to minimize the loss of data.
  • Regular BC/DR tests notify us of potential weaknesses in our recovery process.
  • We notify users of any maintenance downtime, which is rare as it generally occurs during off-peak hours.
  • A live status page notifies users of any current issues impacting clients.

Incident Management & Response

Security management, including responses to any incidents, is monitored and assessed on a regular basis. Our goal is to minimize the disruption of business activities for HiringThing and our clients. 

  • An executive-level security committee regularly convenes to discuss issues, monitor compliance, and keep security top-of-mind within the organization. 
  • Our Incident Management team meets regularly to assess recent incidents and trends.
  • We’re committed to notifying users of any breach within 72 hours.
  • Regular risk assessments are conducted.

Logging & Monitoring

HiringThing vigilantly monitors all account activity. Our audit trails and monitoring processes ensure that access to systems and integrity of information assets are secure and unaltered.

  • Logs are monitored and analyzed for metrics, integration availability, and more.
  • Our application logs all user activity, including an emphasis on account logins.
  • System Access Events (login successes and failures, as well as transactional and domain-level events) are carefully monitored.  
  • AWS accounts are logged and audited.

Personnel

HiringThing staff is well-trained in our security procedures. We take care to ensure that security is top of mind for all staff.

  • Internal security training with refresher courses are performed on a regular basis. 
  • Background checks are conducted for all employees and contractors.
  • Regular threat simulation tests, such as phishing campaigns, are conducted quarterly, with follow-up training for any failures.

Questions about data protection?