At Talenthub, the private and sensitive information processed by our application means we strongly emphasize our security efforts.
This article outlines Talenthub's approach to security and compliance; we will explore:
- The technical steps behind our data security.
- The organizational measures our staff take to protect your data.
- How we ensure data security in our daily processes.
- Data protection within the Talenthub application.
- How Talenthub delivers data security across optional modules and integrations.
How is your data protected at Talenthub?
At Talenthub, our primary focus is protecting and maintaining our users' data. Therefore, we will explore the critical security features and practices that secure your data within Talenthub.
Our data remains within a centralized, logical access management system. In addition, we have implemented denial of service (DDoS) mitigation and active intrusion detection and prevention to protect data best. Access to the Talenthub application's data is restricted.
Additionally, we have code reviews and vulnerability mitigation established and ensure automated and manual testing before any release.
Our configurable security features allow Talenthub to enact role-based authorization. By only designating access to specific individuals, we reduce our security vulnerabilities and limit the possibility of unintentional loss or exposure of data.
Furthermore, Talenthub ensures data access is central to the key management and encryption process. The encryption of data follows industry best-practice standards. In addition, Talenthub supports full encryption in transit with no non-encrypted data leaving our data center.
All of Talenthub's monitoring and back-end systems send local traffic over the VPC or use transport-level encryption in communication with the rest of the Internet. We store the entirety of our customer data within managed encrypted databases in AWS. Moreover, the access and transfer of data to and from Talenthub are via HTTPS with digital certificate technology.
How we ensure data security and awareness across our teams
Information security at Talenthub is everyone's priority. Therefore, we invest in training and provide our employees with the know-how to create a data-secure work environment. Awareness and education are crucial to ensure buy-in among staff for our data security measures.
All Talenthub employees participate in information security and privacy training as a part of their onboarding process. During onboarding, new employees also agree to our Code of Conduct, which stresses our commitment to keeping customer information safe.
Furthermore, our employees receive annual training throughout their time at Talenthub. Here we ensure our staff are aware of the latest guidelines regarding information security and best practices for data safety. In addition, for engineers, we also ensure that their coding is done securely, alongside code reviews, before changes reach production.
Delivering data security in our daily processes
Talenthub's business processes, including internal policies, software development and application monitoring, are heavily focused on how best to secure our customer data. As mentioned previously, only an authorized group of Talenthub employees have access to customer data.
Talenthub employees, access rights and levels depend upon job function and role. We use the principles of the least privilege and need-to-know to match access privileges to defined responsibilities.
We monitor our infrastructure and services in numerous ways, including:
- System and application metadata logging service for analysis.
- Troubleshooting and alerting tailored to our system.
- AWS alerting of certain events, such as scaling, traffic spikes or changes in the application's performance.
- As well as AWS Cloudwatch which focuses on alerts for infrastructure and application level monitoring.
Regarding our data security, we hold regular security reviews that follow the Talenthub Software Development Life Cycle. It considers the planning, design, implementation, testing, shipping and response phases and how we safeguard each independent stage.
Alongside internal code reviews and vulnerability mitigation, we have an incident management process for security events that affect data confidentiality, integrity, or system availability. If an incident occurs, we prioritize it according to severity. Events that directly impact customer data or continuity are assigned the highest priority.
Data protection within the Talenthub application
Talenthub's secure application encompasses hardware and infrastructure, systems and operations, applications and access, and transmission and storage. We offer commercial-grade data centers across physically separate locations so that our customers' critical data remains available in the event of business disruption.
As well as secure, near real-time data replication. Talenthub offers physically and logically separate networks for systems and operations, with networks for development, staging, and production. By utilizing EC2 Security Groups, we can control access between subnets, networks and the Internet. There is no access between machines, and ports are only open when necessary.
Furthermore, malware protection, commercial-grade firewalls and border routers help us resist and detect IP-based and denial-of-service attacks. Digital certificate technology and two-factor encrypted VPN access ensure that our customer's data within the Talenthub application is kept secure.
Optional modules and integrations: How we ensure data security
Talenthub also uses additional modules and integration tools to deliver our services to customers. Here are some of the most common concerns and how we manage our customer's data within these optional modules and integrations.
The Talenthub Widget
Our widget allows customers to collect candidate feedback.The insertion of a simple script on the career page or job posts allows a small survey to pop up. The survey can collect the jobseeker's insight into the quality of the job post or the ease of use of the career page as a whole.
The widget does not make use of any cookies, and Talenthub is unable to collect private information from your candidates. You may only use the device on web pages that support the HTTPS protocol. There must be no attempts to collect personal information from users via the widget unless you are confident that you have the right to do so.
ATS Integrations
Our ATS Integrations offers you an alternative method of collecting feedback through increased touch points and provides more contextual data to understand candidate responses better.
Through these integrations, you can automatically trigger surveys sent at various stages of the recruitment process. We support the following ATS:
- Greenhouse.
- SmartRecruiters.
- Lever.
Find the full list of our integrations here.
To use these integrations, we require access via API to the ATS to read the job, application, and applicant information. Additionally, Talenthub sends the survey emails via our email servers, which recipients will recognize as being sent from Talenthub.io.
Sub-processors
A sub-processor processes personal data. Talenthub uses sub-processors to host its applications and provide specific functionality within the Talenthub services
Talenthub processes personal data in EU states to keep data transfer minimal. However, if Talenthub processes personal data in countries outside the EU, it must agree with the applicable privacy laws governed by Standard Contractual Clauses (SCCs).
Through commercially reasonable efforts, Talenthub evaluates the data protection practices of sub-processors that may have access to personal data. At a minimum, Talenthub requires its sub-processors to provide data protection as it does under applicable data protection laws and regulations.
The use of personal data is solely for the delivery of Talenthub's services, including necessary sub-processor services, and the processing of personal information is not for any other purpose. All personal data handled and maintained by Talenthub complies with all obligations of applicable data privacy and protection laws, rules and regulations.
Why data security is Talenthub's number one priority
For any business, information security is of the utmost importance. The volume of data collected by companies and websites is growing astronomically. Therefore, compliance with the legal requirements around data protection is a must for businesses.
At Talenthub, our customer's data privacy and security are our number one priority. We are committed to our customers, and their applicants' information security and have suitable physical, digital and organizational procedures to safeguard the information we collect.