Trust at HireRoad
Innovative organizations across the globe trust HireRoad to keep their critical people data safe.
Read on to learn about the steps we follow to ensure your data is secure.
How HireRoad earns trust
HireRoad covers these essentials, so you can thrive with peace of mind for your critical people data.
We invest in our infrastructure to support customers with a handful of users, hundreds of users, or millions of users. The HireRoad platform infrastructure is provided by AWS, one of the most secure cloud service platforms in the world. AWS is responsible for securing the underlying infrastructure that supports the cloud, and HireRoad is responsible for anything we collect, store, or process in the cloud and/ or connect to the cloud. Backups are regularly performed following strict protocols.
Data security is key for your sensitive people data. HireRoad incorporates security into our products and operations at every step. We follow leading compliance standards including ISO-27701, GDPR, PCI, and SOC 2. Amazon’s physical infrastructure has been accredited under ISO 27001:2013, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley. PeopleInsight by HireRoad is AT 101 SOC 2 certified and is hosted at 2 data centers in Tier III level hosting facilities; both in Canada. Here are a few of the measures we take to secure your data:
- frequent vulnerability scans
- web application firewalls
- input validation
- 24/7 security management and monitoring
- highest industry standard encryption
- strict unit and integration test requirements in code
As HR tech professionals accustomed to working with sensitive data, data security is our primary goal. To ensure your data is safe with us, we follow the industry’s compliance standards for data privacy such as ISO-27701, GDPR, PCI, etc. We practice multiple layers of security controls and have earned our SOC 2 attestation report. We’re happy to send you a copy, just ask your sales rep.
Only authorized employees have access to our production infrastructure, which requires strong authentication. Customer data access is limited to employees who need it to provide service, support, or troubleshooting on the customer’s behalf. Accessing customer data is done solely on an as-needed basis, and only when approved by the customer (e.g. as part of a support request), or to provide proactive support and maintenance.
“Much faster, more powerful and less risk than the other options we tried.”