Policies and procedures

We’re committed to keeping your data secure, your private information private, and being transparent about our practices as a business.

Security Policy

We take security and privacy seriously, adhering to enterprise-level security standards that keep your customer data protected.

Effective Date: May 25, 2018


Security Team

We have a globally distributed infrastructure and security team on-call 24/7. Our team is constantly monitoring security notifications from all 3rd party software libraries and if identified, we immediately apply any relevant security patches as soon as they are released. Our engineers work together with the product teams to ensure that all of Hire Success’ code and infrastructure follows a secure development lifecycle process.

Infrastructure

All of Hire Success' application and data infrastructure is hosted on Amazon Web Services (AWS), a highly scalable cloud computing platform with end-to-end security and privacy features built in.

All our infrastructure is within our virtual private cloud (VPC) with production access restricted to operations support staff only. This allows us to leverage complete firewall protection, private IP addresses and other security features.

For more specific details regarding AWS security, please refer to https://aws.amazon.com/security/.

Uptime

We strive for a 99.99% uptime across all our products and to support that, we host our monitoring and logging systems outside of AWS and employ a variety of tools to accurately monitor and report on any anomaly that could impact the delivery of our services.

Data Center

All data is stored in secure AWS infrastructure, housed in Amazon-controlled data centers. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access. It is safe to say Amazon is much better at physical security than we are capable of being, so we leave it to them.

Application

Through the use of automated and manual analysis, as well as constant security review of 3rd party libraries, we ensure to the best of our abilities that we are delivering products that are free from security defects. All Hire Success web application communications support TLS v1.2, and cannot be viewed by a third party. We enforce the same level of encryption used by banks and financial institutions. Email Security

Email Security

Hire Success supports TLS encryption on all inbound and outbound email. For an explanation of how email encryption works, we recommend this overview from Google.

Engineering and Operational Practices

We design all services with high availability in mind. Our goal is to deliver 99.99% uptime across all our products. In order to achieve this goal, we follow a number of engineering best practices

  • Immutable infrastructure - We don’t make changes to live code or running servers in production. Where applicable, we treat both our software and our infrastructure configuration as code. Which means all changes go through a formal code review, automated testing and automated deployment process.
  • Continuous integration and delivery - We are using continuous integration and deployment automation and configuration management tools to build, test and deploy code multiple times a day.
  • Incident response - Our infrastructure and security team is on a rotating on-call schedule to respond to any security or availability incidents immediately.

Back to top