Wszystkie kolekcje
Network and application security
Network and application security

Get to know the technical aspects of security measures

Agnieszka Otręba avatar
Napisane przez Agnieszka Otręba
Zaktualizowano ponad tydzień temu

1. Hosting and data storage

Services and data processed by eRecruiter are hosted in the Microsoft Azure cloud, which has security certificates confirming the security of data stored in the cloud:

  • ISO/IEC 27001

  • CSA Security, Trust & Assurance Registry (STAR)

For the purposes of cloud hosting, eRecruiter uses also service centers and service providers with certificates confirming the security of cloud data processing. More information about the certificates can be found below:

2. Virtual Cloud

All our servers are fully virtual, which eliminates vulnerability to technical failures affecting traditional physical servers. This solution enables us to restore full operability of our systems within a few minutes.

3. Authorizations and authentication

Access to the clients’ data is reserved exclusively to authorized employees who require such access to perform their professional duties. eRecruiter is based in 100% on secure HTTPS protocols.

4. Encryption

All data sent to or from eRecruiter are encrypted with 256-bit encryption.

Our Application Programming Interfaces and application terminals use encryption based on SSL certificates. The implemented security measures have been rated “A” in the tests carried out by Qualys SSL Labs.

For the purposes of eRecruiter data transfer, we use Transport Layer Security (TLS), creating a secure tunnel protected with a 256-bit or longer encryption key.

We also encrypt data at rest using a standard AES encryption algorithm.

5. Penetration testing and vulnerability scanning

Every year, a recommended third-party company carries out grey-box penetration tests of the eRecruiter application. The most recent opinions can be downloaded below:

We employ external security tools to continuously scan the system for vulnerabilities and we are ready to react immediately whenever we find one.

6. Reacting to incidents

eRecruiter implements the hazardous incident handling procedure and all employees are informed about its principles.

7. Compliance with global standards

We develop eRecruiter in compliance with the standards set by OWASP (Open Web Application Security Project) — an international foundation whose goal is to improve the security of web applications.

The foundation publishes a set of good practices on designing and securing applications. We observe those practices when designing eRecruiter and all of its functionalities to ensure the highest possible security of our data.

OWASP does not issue any certificates. You can compare our security documents confirming that we follow the main security-improving design assumptions postulated by the foundation.

8. Data Processors

eRecruiter is supported by certain Data Processors processing personal data in accordance with Article 28 sec. 2 of the GDPR to ensure appropriate rendition of services.

Czy to odpowiedziało na twoje pytanie?