Platform

Local infrastructure and software for processing personal data in compliance with local regulations

Compliance

The platform is designed to comply with legal and technical regulations across the world

DATA RESIDENCY

Personal data, including sensitive records such as tax, bank and social documents, is processed and physically stored on local server infrastructure

CROSS-BORDER TRANSFER

Personal data is transferred to jurisdictions with adequate personal data protection only after explicit consent is obtained from the data subject or from the local authority. Only anonymised data is transferred to restricted jurisdictions.

DATA RETENTION

Personal data is kept for a defined period, or only for as long as it is required to achieve the purpose of collection. Data subjects retain the right to request a full log of, update, or delete their data.

DATA PROTECTION

Technical and organizational measures are in place for encryption, access control, monitoring and breach notification

Data residency

The platform’s distributed architecture integrates the Talent Systems custom frontend with the HCM system backend using

InCountry Data Residency-as-a-Service

Fully compliant worldwide infrastructure with two synchronized facilities in each country

On-the-fly redaction and unredaction of regulated or sensitive data fields within API requests

Data loss prevention ensures regulated data does not leave the local country

User authentication by the Talent Systems application and the customer’s identity provider

Data authorization is fine-grained down to the row and field level

Information security

High information security standards at all levels of data protection

Physical infrastructure protection and 24/7 monitoring.

Fault-tolerant redundant (FTR) configuration.

Network firewalls, segmentation and protection against DDoS attacks. Automated threat detection and continuous monitoring.

Data in transit is encrypted using TLS/SSL.

Data at rest is encrypted, with encryption keys managed in a FIPS 140-2 compliant key management system. A BYOK (bring your own key) option is available.

Internal vulnerability testing.

Application components are regularly scanned and updated to ensure a high level of security.

Security-by-design and privacy-by-design principles integrated into the SDLC.

Protection against the OWASP Top 10 vulnerability classes.

Manual and automated code reviews.

Role-, attribute- and policy-based access controls.

All user activity is logged and regularly reviewed.

Standards and certifications

Our infrastructure partners comply with international standards and certification requirements

27001

ISO/IEC 27001 is a risk-based set of information security requirements that requires an organization to operate a well-structured Information Security Management System (ISMS).

9000

The ISO 9000 family is a set of five quality management system (QMS) standards that help organizations meet customer and other stakeholder needs within the statutory and regulatory requirements related to a product or service.

20000

ISO/IEC 20000 was originally developed to reflect best practice guidance contained within the ITIL framework, although it equally supports other IT service management frameworks and approaches including Microsoft Operations Framework and components of ISACA's COBIT framework.

22301

ISO 22301, Security and resilience, is a management system standard published by the International Organization for Standardization. It specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system that protects against, reduces the likelihood of, prepares for, responds to and recovers from disruptive incidents when they arise.

14000

ISO 14000 is a family of standards related to environmental management that exists to help organizations (a) minimize how their operations (processes, etc.) negatively affect the environment (i.e. cause adverse changes to air, water, or land); (b) comply with applicable laws, regulations, and other environmentally oriented requirements; and (c) continually improve in the above.

Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy.

Tier 3 Uptime Institute Certified data centres are used by larger businesses and provide 99.982% uptime:
No more than 1.6 hours of downtime per year
N+1 fault tolerance providing at least 72 hours of power outage protection