top of page

Platform

Local infrastructure and software for personal data processing in compliance with local regulations 

Compliance

Platform is designed to comply with various legal and technical regulations across the world

DATA RESIDENCY

​

​

Personal data including sensitive records like tax, bank, social documents processed and physically stored using local server infrastructure

CROSS-BORDER TRANSFER

​

​

Personal data is transfered to jurisdictions with adequate personal data protection upon obtaining explicit consent from personal data subject or from local authority. Anonymised data is transfered to restricted jurisdiction.  

 

DATA RETENTION

​

​

Personal data is kept for a certain amount of time or only for as long as data is required to achieve the purpose of collection. Personal data subject retain right to request full log, update or delete their data.

​

​

DATA PROTECTION

​

Technical and organizational measures are taken for encryption, access controls, monitoring and notification 

Data residency

Platform’s distributed architecture integrates Talent Systems custom frontend with HCM system backend using

InCountry Data Residency-as-a-Service

Fully compliant worldwide infrastructure with two synchronized facilities in each country

​

On-the-fly redaction/unredaction of regulated or sensitive data within API requests

​

Data loss prevention ensures data does not leave a local country

​

User authentication by Talent Systems application and customer’s identity provider

​

Data authorization is fine grained to the row and field level

Information security

Highest information security standards at all levels of data protection

Physical infrastructure protection and 24/7 monitoring.

FTR (fault tolerant redundancy) configuration.

Network firewall, segmentation and protection against DDoS attacks. Automatic threat detection and continuous monitoring.

Data in transit is encrypted using TLS/SSL.

Data at rest is encrypted with encryption keys managed in a FIPS 140-2 compliant key management system. BYOK (bring your own key) option.

Internal vulnerability testing.

Application components are regularly scanned and updated to ensure a high level of security.

Security and privacy by design principles integrated into SDLC.

OWASP Top 10 vulnerability protection.

Manual and automated code reviews.

Access controls by role, attribute, policy.

All user activity is logged and regularly reviewed.

Standards and certifications

Our infrastructure partners comply with international standards and certification requirements

27001

ISO/IEC 27001 is a risk-based set of information security requirements that require an organization to have a well-structured Information Security Management System (ISMS).

9000

ISO 9000 family is a set of five quality management systems (QMS) standards that help organizations ensure they meet customer and other stakeholder needs within statutory and regulatory requirements related to a product or service.

20000

ISO/IEC 20000 was originally developed to reflect best practice guidance contained within the ITIL framework, although it equally supports other IT service management frameworks and approaches including Microsoft Operations Framework and components of ISACA's COBIT framework.

22301

ISO 22301, Security and resilience, is a management system standard published by International Organization for Standardization that specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.

14000

ISO 14000 is a family of standards related to environmental management that exists to help organizations (a) minimize how their operations (processes, etc.) negatively affect the environment (i.e. cause adverse changes to air, water, or land); (b) comply with applicable laws, regulations, and other environmentally oriented requirements; and (c) continually improve in the above.

Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy.

Tier 3 Uptime Institute Certified data centres are utilized by larger businesses and feature 99.982% uptime 
No more than 1.6 hours of downtime per year
N+1 fault tolerant providing at least 72-hour power outage protection

bottom of page