The nature of CVCheck’s services in screening and verification means that we gather sensitive information from your company and the candidates you entrust to us.
You may be wondering how we manage this data? What measures or practices does CVCheck have in place to protect this information and, by extension, your company and its hiring brand?
You’ll be happy to know that CVCheck puts information security and respect for privacy at the forefront of everything we do.
Here’s a brief overview of the measures that CVCheck employs to securely manage the personal data we collect and the information we obtain or generate on your behalf.
The CVCheck platform has built-in privacy by design and privacy by default. We comply with the relevant privacy legislation in Australia and New Zealand which sets out the requirements for reporting and the notification to affected parties of any data breach or inadvertent release of information.
We also satisfy the General Data Protection Regulation (GDPR) for EU customers that came into effect on 25th May 2018.
Layered Approach to Security
CVCheck’s layered approach to security follows industry best practices to provide the following benefits:
Our systems and processes are engineered to deliver security at all levels.
A guiding principle at CVCheck is that security is most effective when it is ‘designed in’ as an integral part of every process and system.
We consider the implications for end-to-end security in every design decision we make, from the choice of technologies we use in our platform to the ways we communicate with our customers and candidates.
Policies and managerial oversight from the executive level down.
CVCheck’s management and awareness of security start at the top of the company. Our Information Security Committee includes our most senior and experienced staff with a spread of expertise from Information Technology to Legal.
The Security Committee sets the security policy framework that defines security measures and responsibilities for CVCheck’s staff and all operational departments.
Driving awareness and procedural compliance.
CVCheck embeds security in our culture. The first step in cultivating and reinforcing that culture is the induction training that all new staff members complete as soon as they join CVCheck. All CVCheck staff are aware of and familiar with, the relevant privacy legislation and the security protocols and practices that apply to their role in the company.
We also conduct periodic, ongoing refresher training in security and privacy practices and policies so that all staff maintain and high level of awareness and vigilance.
Controlling access to sensitive areas, management of physical and electronic documents, and secure document disposal.
CVCheck maintains a clean-desk policy and pursues paperless office practices as the norm. We dispose of all paper-based documents using secure commercial shredding or incineration services.
CVCheck’s offices are also physically secure with a range of access control measures to ensure that unauthorised persons cannot gain entry to sensitive processing areas of the business without supervision.
Security architecture, designs and implementation of our software and systems.
CVCheck’s engineering team have designed our online screening platform to ensure security from the ground up.
- File and database systems are encrypted at rest, which means that every piece of data is protected 100% of the time.
- Our application incorporates role-based and departmental security to segregate data and ensure access to sensitive information is available on a need-to-know basis.
- All functionality is implemented to support best-practice security defences to thwart scripting attacks and other hacker modalities.
- Firewalls and site monitoring block illegal traffic and record user events across the application to a separate audit server.
- We enforce the use of secure sockets between the user and our servers for all web page views.
- Our application and operational processes only use secure point-to-point transport mechanisms to transfer sensitive data or materials. We don’t use unsecured transmission mediums, such as email, to exchange data or provide results with our users.
- Our engineering teams complete ongoing industry training to maintain their awareness of current commercial security practices and hacker exploits and the engineering techniques that protect against intrusion.
- We maintain rigorously updated patches on our servers to ensure that security updates are applied as soon as they are released.
Security assurance through external and independent audits, review, and regular penetration testing.
When it comes to security, a ‘many eyes’ approach is the most effective guarantee that weaknesses are detected and rectified. CVCheck employs independent, industry certified, security experts with the experience and track record to support our security aims. We continue to run an annual program of penetration and security testing of the CVCheck online screening platform. This testing regime is supported by ongoing audit and architecture reviews to maximise the security of our application and the servers it runs on.
Confidence in transactional and payment security.
Our customers can be confident that transactions between their browser and the CVCheck website are completely secure. CVCheck enforces secure socket layer (SSL) connections for every page of our website and our application. The use of SSL means that data traffic between your computer and our site is encrypted and protected at all times.
We work with a PCI compliant payment gateway that we embed within our application. Our website never sees and never stores sensitive credit card data or other payment information.
On-shore ownership and robust application architecture ensures adherence to data management best-practice
All customer and operational data is held securely in Australian data centres. Our trained operators manage and process checks from our local operations centres in both Australia and New Zealand respectively.
The CVCheck application architecture includes redundant servers with automatic fail-over and load balancing to ensure high availability, robust performance, fast response times and data preservation in the event of an equipment failure. You can have confidence that your data is handled securely. Our on-shore corporate structure and ownership means that there is no chance of foreign operators, parent companies or governments inspecting or obtaining your sensitive information.
At CVCheck, we see our services as an extension of your hiring brand. Your candidate’s experience and the safeguarding of their personal data is one part of that brand experience. As your partner, CVCheck delivers the expertise, attitude, and systems to ensure that your information, and that of your applicants, is held and managed securely.
Security is part of our culture, and we engineer it into the fabric of our business – it’s not an afterthought. You can rest assured that your data, and your brand, is in good hands.