Security and Compliance

Is your data secure?

At JobTech, we take security very seriously – just ask the companies that trust us with their talent development and management processes. JobTech constantly invests in protecting your data. We enforce strict security measures, maintain policies and operationalise procedures to comply with required data security and privacy standards. We continue to take all measures needed to improve our information security levels.

What kind of security artefacts are available for you?

JobTech’s security artefacts are available upon request, and some require a Non-Disclosure Agreement (NDA).

Artefacts available:


Artefacts subject to an NDA:

  • SOC 2 Type II Report – Updated July 2024
  • Disaster Recovery and Business Continuity Exercise and Report – Updated July 2024
  • Vulnerability Assessment and Penetration Testing (VAPT) Report – Updated November 2023


Request security artefacts requiring an NDA here.

Security

JobTech’s Security Program

At JobTech, we prioritise the privacy of our customers and their users. We understand the importance of customer trust and provide enterprise-grade data protection. Our security programme includes collaboration from engineering, operations, and legal teams to address all aspects of cybersecurity and data protection. Our product is designed with privacy as a central focus to safeguard Personal Data and ensure responsible use.

Security Governance and Management

JobTech employs a structured security control framework based on recognised industry standards to govern its information security practices. These frameworks encompass a standardised set of controls and incorporate widely-used commercially available protective measures. JobTech has developed and maintains a comprehensive set of Information Security Policies and enforcement procedures aligned with these security control frameworks and industry best practices. These policies undergo regular review, at least annually or when there are significant changes in practices or regulatory requirements. JobTech diligently monitors its policies and procedures to ensure they effectively safeguard the confidentiality, integrity, and availability of our customers' data.

Identification and Authorisation (Access Management)

JobTech has established a formal user registration and de-registration protocol to manage personnel access to processing resources and personal data. Upon personnel termination, access to personal data is promptly revoked, ensuring security. We enforce stringent access controls, granting system entry only to authorised personnel. Authentication is managed centrally, employing robust security measures like strong passwords, Single Sign-On (SSO), and mandatory Multi-Factor Authentication (MFA). Access to JobTech systems is restricted solely to Virtual Private Network (VPN) connections, safeguarding data integrity and confidentiality.

Product Security

Our Secure Software Development Lifecycle, implemented by JobTech, integrates robust security measures at every stage of the software development process. Utilising a blend of automated tools and manual checks, we swiftly identify and mitigate potential risks. Regular software patches, including critical updates, are seamlessly incorporated into our monthly release cycle. Our agile Change Management policy facilitates efficient adaptations when needed, supported by clearly defined responsibilities and stakeholders across the entire lifecycle.

Data Storage and Residency

Customer data is securely stored in Amazon Web Services (AWS) data centres. Our data storage policy is location-agnostic, ensuring compliance with data protection regulations. This means we can help JobTech customers store data in the appropriate geographic region as needed.

Encryption

Ensuring the utmost security of your data, JobTech encrypts data, records, and files transmitted wirelessly or across public networks using the TLS v1.3 protocol. Additionally, data at rest is safeguarded with industry-standard cryptographic algorithms, including the Advanced Encryption Standard with a 256-bit cipher key ("AES-256"). All encryption keys are protected against modification, and secret and private keys are shielded from unauthorised disclosure, providing comprehensive protection for your sensitive information.

Availability, Business Continuity and Disaster Recovery

JobTech implements and upholds a comprehensive Business Continuity Policy (BCP) and Disaster Recovery Plan (DRP). Our team conducts regular testing of our Business Continuity measures to ensure effectiveness. JobTech has developed and maintains resilient design and architecture for our services. To assess and enhance resilience, we conduct regular Disaster Recovery drills.

Physical Security

JobTech implements stringent physical security measures and environmental controls across its facilities to prevent unauthorised access to areas where personal data is stored or accessed. These measures include the use of personal access cards, door sensors, video surveillance, and ongoing monitoring. Physical access control to JobTech data centres is overseen by our trusted Cloud Provider, incorporating features such as CCTV surveillance, access based on the principle of least privilege, and comprehensive access logs. Our Cloud Provider's data centres undergo rigorous certification and attestation processes to ensure compliance and security.

Event Logging

JobTech upholds stringent measures and protocols for detecting, recording, analysing, and resolving any unauthorised attempts to access personal data or JobTech’s systems. Regular reviews of access logs are conducted to verify the appropriateness and necessity of access permissions. Furthermore, JobTech's operating system security mechanisms are configured to uphold stringent security procedures, including the identification and verification of each authorised user, as well as the logging of successful and failed system accesses.

Vulnerability Management and Penetration Testing

JobTech prioritises security through regular scans for known vulnerabilities on all external systems, ensuring a comprehensive check at least monthly. Identified vulnerabilities are promptly addressed based on severity, in alignment with JobTech's robust policies. Additionally, annual penetration tests, conducted by reputable firms or in response to significant changes, provide further assurance. Findings are meticulously documented, prioritised, and remediated as necessary. Furthermore, JobTech maintains up-to-date anti-malware software on all endpoints to safeguard against potential threats.

Risk Management

JobTech has developed and utilises a risk assessment methodology grounded in industry-standard frameworks. We conduct regular risk assessments and diligently review them to ensure the effectiveness of our controls. All assessment results are meticulously documented. JobTech proactively develops action plans to address any identified risks and meticulously tracks the progress of these plans.

Security Systems

Our security infrastructure at JobTech comprises a multi-layered defence system, encompassing firewalls, network and application layer security, threat detection and protection mechanisms, vulnerability scans, access controls, encryption, and meticulously designed processes to fortify our systems and safeguard customer data.

Third Parties

JobTech utilises various third-party applications and services to enhance the delivery of our products to clients. The integrity of our information assets and vendor relationships is paramount for sustaining operations and service delivery. Our security team has implemented a robust vendor management programme and third-party vendor security policy, outlining the standards to be met and agreed upon when partnering with external vendors. These collaborations undergo thorough assessments to evaluate technical, physical, and administrative controls, aligning with JobTech's and our clients' expectations.

Data Protection

Data Protection Awareness

All JobTech employees receive comprehensive security and privacy awareness training upon joining and annually thereafter. Certain roles, particularly those with access to sensitive information, may undergo security training more frequently. Our company culture prioritises customer trust and protection, fostering a commitment among employees to uphold best practices and safeguard customer data at all times.

Data Residence

JobTech leverages multiple AWS data centres worldwide to ensure compliance with relevant data protection regulations for our global customer base. Customers have the option to request storing their data in a specific region to align with their compliance requirements.

Data Retention

JobTech has a formal data retention policy that clearly defines the retention period for customer data. Upon signing a Non-Disclosure Agreement (NDA), our customers can request an executive summary of our policy.

Data Subject Rights

End users (employees of our customers, or Data Subjects) are encouraged to reach out to our support team at JobTech with any questions or concerns regarding their data.

JobTech Certifications and Attestations

The SOC 2 Type II Attestation report focuses on the American Institute of Certified Public Accountants’ (AICPA) trust service principles. It examines a service provider’s internal controls and systems related to security, availability and confidentiality of data.