For more information about security, please also see the Security Framework.
Providing HR software to customers around the world is a serious business, so we take security and availability extremely seriously. Below is an overview of the precautions we take to ensure your data is protected.
Is our HR data secure? What measures do you take to ensure it’s secure from access by unauthorized parties or hackers?
We developed Comeet based on the security expectations you would have of enterprise-level software. We bake into Comeet the most advanced security and coding practices, as well as choose business partners such as AWS (Amazon Web Services) that have equally high security standards. AWS has achieved compliance with an extensive list of global security standards, including ISO 27001, SOC, PCI Data Security Standard, Australian Signals Directorate (ASD) Information Security Manual, and Singapore Multi-Tier Cloud Security Standard (MTCS SS 584).
Third-Party Auditing
We contract with an IT security auditor recognized for its penetration testing and security expertise to identify vulnerabilities and reveal potential exploitation damage and severity. These bi-annual penetration testing and vulnerability assessments comprise a variety of activities, including attacking our infrastructure and targeting potentially harmful vulnerabilities as defined by OWASP and WASC.
Who has access to our data?
Access to Comeet’s production infrastructure (including your data and user login details) is closely restricted. Access is on an as-needed basis by our full-time employees who are required to sign confidentiality agreements as a requirement of their employment. The only people in Comeet who have access to your data are those who need it to perform their support and technical responsibilities, a process usually initiated by a support request from you. Data is compartmentalized between companies; users from one organization cannot access any data from other Comeet customers. User passwords are never stored in plaintext.
How do you ensure business continuity by maintaining the availability of our data and applications?
AWS has an exemplary application availability record that typically exceeds 99.99%. Our customer data is hosted and stored in AWS’ secure data centers, which have a robust and redundant infrastructure design, including daily backups. Your data is connected to a disaster recovery data center. In the event of a catastrophic failure in the primary data center, service restoration immediately follows.
How do we retrieve our data if we want to switch to another ATS vendor?
First of all, we will be very sad to see you go. We want your last engagement with us to be as positive as your first, so that you’ll fondly recall the “Comeet days” and want to return some day. We will export your entire database (spreadsheet with candidate data + resumes + attachments) and email it or securely FTP it to someone you designate on your staff. We will erase your data from our servers 30 days after your contract ends.
Is Comeet compliant with SOC 2?
Comeet is proud to announce that it has received a SOC 2 Type 2 report of its controls by an accredited independent accounting and auditing company.
As defined by the AICPA, “SOC (Service Organization Control) for Service Organizations reports are designed to help service organizations that provide services to other entities, build trust and confidence in the service performed and controls related to the services through a report by an independent CPA.”
The report reviewed our controls relevant to Security, Availability, and Confidentiality. This required a comprehensive and rigorous review of the following components.
Infrastructure. The physical structures, IT, and other hardware (for example, facilities, computers, equipment, mobile devices, and other telecommunications networks).
Software. The application programs and IT system software that support application programs (operating systems, middleware, and utilities).
People. The personnel involved in the governance, operation, and use of a system (developers, operators, entity users, vendor personnel, and managers).
Procedures. The automated and manual procedures.
Data. Transaction streams, files, databases, tables, and output used or processed by the system.
The independent CPA tested these controls and gained assurance that Comeet’s controls were suitably designed and operated effectively to meet the trust service criteria.
Have more questions? Contact us at support@comeet.co