Career Hackers Talent Solution - Security Portal
Welcome to Career Hackers's Security Portal. Our commitment to data privacy and security is embedded in every part of our business. Use this portal to learn about our security measures. For any security-related questions that haven't been addressed on this page, please email us at info@careerhackers.io.
Internal Security Procedures
| Control | Status |
|---|---|
| Principle of Least Privilege Access Control: User access to systems and data, including applicant and employer information, is granted strictly based on the Principle of Least Privilege. This means users only receive the minimum necessary permissions required for their job functions, enforced through documented access requests and manager approvals. | ![]() |
| Secure Development Lifecycle (SDLC) with Integrated Security Practices: We follow a formal Secure Development Lifecycle (SDLC) methodology, integrating security into every phase from design to deployment. This includes secure coding guidelines, regular secure code reviews, threat modeling, and automated security testing to build a robust and trustworthy assessment platform for applicants and employers. | ![]() |
| Commitment to Security and Privacy Standards: Our information security management system (ISMS) is aligned with internationally recognized standards for Information Security (ISO 27001), Cloud Security (ISO 27017), and PII Protection in Cloud environments (ISO 27018). This commitment ensures a systematic approach to managing sensitive applicant and employer data through appropriate controls, risk assessments, and continuous improvement. | ![]() |
| Business Continuity and Disaster Recovery (BCDR) Plans: Comprehensive Business Continuity and Disaster Recovery (BCDR) plans are established and regularly tested to ensure service availability for applicants and employers, and to protect data integrity during significant disruptions or disasters. | ![]() |
| Secure Configuration Management: A secure configuration management system ensures consistent, approved, and hardened deployment of system configurations, reducing misconfigurations and enhancing the stability and security of the assessment platform for all users. | ![]() |
| Formal Change Management Procedures: Rigorous and formal change management procedures ensure that all modifications to our assessment platform, software, and infrastructure are authorized, documented, tested, reviewed, and approved prior to production implementation, minimizing risks to applicants and employers. | ![]() |
| Restricted Production Deployment Access: Access to deploy changes to the production environment is strictly restricted to authorized, trained personnel using automated and audited processes, safeguarding the stability and integrity of the live assessment platform. | ![]() |
| Resilient Data Backup and Recovery Processes: Our data backup policy documents robust procedures for the regular, encrypted backup and tested recovery of applicant assessment results and employer configurations, ensuring data resilience and availability. | ![]() |
| Defined Security Roles, Responsibilities, and Governance: Clearly defined roles, responsibilities, and reporting lines for information security are established across the organization, from management to operational staff. This documented governance structure ensures accountability for protecting applicant and employer data at all levels. | ![]() |
| Annually Reviewed Security Policies and Procedures: Our comprehensive suite of information security policies and procedures is documented, communicated, and reviewed at least annually to adapt to evolving threats and business needs, providing a robust framework for protecting applicant and employer data. | ![]() |
| Accessible Support System for Security Concerns: An accessible external-facing support system allows both applicants and employers to report system issues, potential security concerns, or other complaints to dedicated personnel for timely investigation and resolution. | ![]() |
| Quarterly Access Reviews and Attestation: We conduct formal access reviews at least quarterly for all critical systems handling applicant and employer data. This process ensures user access remains appropriate and adheres to the principle of least privilege, with required changes tracked to completion and attested by system owners. | ![]() |
| Systematic Risk Management Program: We operate a systematic risk management program where risks to applicant data, employer information, and our AI assessment services are identified, assessed annually (or more frequently as needed), and mitigated based on their potential impact and likelihood. This includes considering threats from environmental, regulatory, and technological changes, as well as potential for fraud. | ![]() |
| Vendor and Third-Party Risk Management: We conduct due diligence and maintain written agreements with vendors and third parties that process applicant or employer data. These agreements include robust confidentiality, privacy, and security commitments, ensuring our security standards are extended throughout our supply chain. | ![]() |
| Continuous Vulnerability Scanning and Remediation: We perform continuous vulnerability scanning on our internal and external-facing systems. Critical and high vulnerabilities are prioritized and tracked to remediation within defined SLAs to safeguard the platform for applicants and employers. | ![]() |
| Continuity and Disaster Recovery plans established: Comprehensive Business Continuity and Disaster Recovery (BCDR) plans are in place to ensure service availability for applicants and employers, and to protect data integrity during disruptions. | ![]() |
| Continuity and disaster recovery plans tested: Our BCDR plans are tested at least annually to verify their effectiveness, ensuring we can maintain service for applicants and protect employer data in adverse events. | ![]() |
| Configuration management system established: A configuration management system ensures consistent and secure deployment of system configurations, enhancing the stability and security of the assessment platform for all users. | ![]() |
| Change management procedures enforced: Rigorous change management procedures ensure that all modifications to our assessment platform are authorized, tested, and approved, minimizing risks to applicants and employers. | ![]() |
| SOC 2 compliance and reporting: We maintain SOC 2 compliance, with regular audits providing employers assurance regarding our system's security, availability, processing integrity, confidentiality, and privacy controls relevant to applicant data. | ![]() |
| Regular board meetings on security and compliance: Our Board of Directors, including independent members, meets regularly to discuss security and compliance, with formal minutes maintained, ensuring accountability for protecting applicant and employer data. | ![]() |
| Critical system changes externally communicated: Employers are notified of critical system changes that may affect their use of the assessment platform or the processing of applicant data, ensuring transparency. | ![]() |
| Management roles for security defined: Management roles and responsibilities are clearly defined for overseeing the design and implementation of security controls, ensuring accountability for protecting applicant and employer data. | ![]() |
| Organization structure with security reporting lines documented: Our documented organizational chart includes clear reporting lines for security functions, providing transparency to employers regarding our security governance. | ![]() |
| Security roles and responsibilities specified: Specific roles and responsibilities for all aspects of information security are formally assigned, ensuring comprehensive protection of the assessment platform and data for applicants and employers. | ![]() |
| Security policies established and reviewed annually: Our comprehensive information security policies and procedures are documented and reviewed at least annually, providing a robust framework for protecting applicant and employer data. | ![]() |
| Support system for applicants and employers: An external-facing support system allows both applicants and employers to report system issues, security concerns, or other complaints to appropriate personnel for timely resolution. | ![]() |
| System changes internally communicated for platform integrity: System changes are communicated to authorized internal users to ensure consistent understanding and management of the platform, indirectly benefiting the stability and security experienced by applicants and employers. | ![]() |
| Access reviews conducted quarterly: We conduct access reviews at least quarterly for systems handling applicant and employer data, ensuring access remains appropriate and tracking any required changes to completion. | ![]() |
| Access requests required for system access: User access to systems containing applicant or employer data is granted based on job role and requires a documented access request with manager approval, adhering to the principle of least privilege. | ![]() |
| Incident response plan tested annually: Our incident response plan is tested annually to ensure readiness for handling security events, minimizing potential impact on applicants, employers, and their data. | ![]() |
| Incident response policies established and communicated: Documented security and privacy incident response policies are communicated to authorized users, ensuring a coordinated approach to protecting applicant and employer interests during an incident. | ![]() |
| Incident management procedures followed: Security and privacy incidents are rigorously logged, tracked, resolved, and communicated to affected applicants or employers as appropriate, following our established incident response procedures. | ![]() |
| Security commitments externally communicated to employers: Our security commitments are clearly communicated to employers in Master Service Agreements (MSA) or Terms of Service (TOS), providing transparency and assurance. | ![]() |
| External support resources for applicants and employers: We provide guidelines and technical support resources to both applicants and employers to help them use our assessment platform securely and effectively. | ![]() |
| Service description with security context communicated: A clear description of our AI assessment services, including relevant security and privacy considerations, is provided to internal teams, applicants, and employers. | ![]() |
| Risk assessment objectives specified for applicant and employer data: We specify clear objectives for our risk assessments, focusing on the identification of risks to applicant data, employer information, and the integrity of our AI assessment services. | ![]() |
| Annual risk assessments performed: Risk assessments are performed at least annually to identify and evaluate threats to our service commitments, including those impacting applicant data privacy and employer reliance on our platform, considering potential for fraud. | ![]() |
| Vulnerabilities scanned and remediated quarterly: Host-based vulnerability scans are performed at least quarterly on all external-facing systems, with critical and high vulnerabilities tracked to remediation to safeguard the platform for applicants and employers. | ![]() |
