Your Security is our Priority
HireRoad is focused on keeping your data safe and secure to ensure your peace of mind and business continuity. The HireRoad platform was built from the ground up to include security, scalability, reliability, and data privacy.
As HR professionals, our primary goal is to secure our customers’ sensitive data. To ensure your data is safe with us, we follow the industry’s compliance standards for data privacy such as ISO-27701, GDPR, PCI, etc. We practice multiple layers of security controls.
Here are just some of the measures we take to secure your data, prevent leaks, and block unauthorized access:
- Frequent vulnerability scans
- Web application firewall
- Input validation
- 24/7 security management and monitoring
- Highest industry standard encryption
- Strict unit and integration test requirements in code
Our infrastructure is provided by Amazon Web Services, one of the most secure cloud services platforms, with high availability, resiliency, and dependability. Amazon’s physical infrastructure has been accredited under ISO 27001:2013, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley.
AWS is responsible for securing the underlying infrastructure that supports the cloud, and HireRoad is responsible for anything we collect, store, or process in the cloud and/or connect to the cloud.
All of your data is encrypted both at rest and in transit, using the most current standards for data encryption. Communication between end users and our servers is encrypted with 128-bit SSL/TLS encryption. We also ensure that all passwords are securely hashed and never stored in plain text. All data access is protected by role-based access control, which only lets users view data for which they have permission. We also employ a tenancy model that isolates data from other customers. It’s impossible for users to view data from organizations other than their own.
- Frequent vulnerability scans to proactively identify and address security threats.
- Web application firewall (WAF) to filter, monitor and protect your web applications and APIs.
- Input validation to validate data for accuracy, cleanliness and completeness.
- 24/7 security management and monitoring of information security controls, vulnerabilities and other cyber threats to aid in risk management.
- Strict unit and integration test requirements in code to check the system functionality, reliability and performance.
Our Internal Processes
Only authorized employees have access to our production infrastructure, and that access requires strong authentication. We limit access to customer data to the employees who need it to provide support and troubleshooting on the customer’s behalf. Customer data is accessed solely on an as-needed basis, and only when approved by the customer (e.g. as part of a support request), or to provide proactive support and maintenance.