Our priority is to safeguard our customers’ data from unauthorized access, misuse, destruction or alteration and to ensure the confidentiality, integrity and availability of our product. To embrace the highest security standards, we are constantly developing our technical and organizational measures according to laws, regulations, and industry security standards. Security though is more than a set of technical controls; it encompasses also people and processes. For that reason, we invest in continuous education and role-based training to improve our security awareness culture. This also empowers our employees to identify and report potential security threats effectively.
Certifications
Job&Talent is committed to protecting the security of its business information in the face of incidents and unwanted events and has implemented an Information Security Management System (ISMS) that is compliant with ISO/IEC 27001:2022, the international standard for information security.The ISMS applies to all systems, people and processes of Job&Talent, including board members, directors, employees, suppliers, and other third parties who have access to Job&Talent's information assets. Commitment to information security extends to senior management of the Job&Talent and it is demonstrated by the provision of appropriate resources to provide and develop the ISMS and associated controls.
Download our ISO 27001 certificate here.
Shared Responsibility Model
Job&Talent is a SaaS solution hosted in Amazon AWS and thus it is responsible for secure operating systems, platforms, and data. AWS is a certified provider and is responsible for protecting the physical infrastructure that runs all of our services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services
Data protection
Job&Talent is committed to protecting your privacy and complying with applicable data protection regulations such as the General Data Protection Regulation (GDPR). We ensure that our data handling practices are aligned with these regulations and strive to provide you with transparency and control over your personal information. Access to the customer data is limited to authorized employees and strictly used for the intended purposes as outlined in our privacy policy. We employ industry-standard encryption protocols, such as Transport Layer Security (TLS), to encrypt data in transit. Additionally, sensitive data is stored using encryption-at-rest, leveraging AWS Key Management Service (KMS) to securely manage encryption keys.
Identity and access management
Job&Talent uses Multi-Factor Authentication (MFA) and AWS Identity and Access Management (IAM) to secure the identity and access management. All employees are granted access to applications based on their role, and automatically deprovisioned upon termination of their employment. Access is granted based on the ‘least privilege’ and ‘need to know’ basis and reviewed in frequent intervals. All employees undergo a clearance procedure and are required to sign a confidentiality agreement regarding the Job&Talent systems and customer data.
Endpoint protection
Job&Talent implements centralized management, utilizes mobile device management (MDM) software, employs anti-malware protection and enforces secure configurations such as disk encryption and screen lock configuration.
Product Security
In Job&Talent, we follow secure software development practices to minimize security risks and vulnerabilities within our product.
Secure Coding: Our development team adheres to industry best practices for secure coding, including input validation, output encoding, and proper error handling to mitigate common security threats such as Cross-Site Scripting (XSS) and SQL injection.
Vulnerability Management: We have established processes for monitoring and addressing vulnerabilities in third-party libraries and dependencies. We promptly apply security patches and updates to maintain the integrity of our product.
Secure Development Lifecycle: We integrate security practices throughout the software development lifecycle. This includes conducting security reviews, threat modeling, and security testing at various stages to proactively identify and mitigate potential security risks.
Continuous Monitoring and Incident Response
To ensure the ongoing security of our product, we implement continuous monitoring and maintain a robust incident response process.We actively monitor system logs and security events to identify any suspicious or anomalous activities promptly. This enables us to take immediate action if any security incidents occur.In the event of a security incident, we have well-defined incident response procedures in place. Our team responds swiftly to mitigate the impact, investigate the incident, and implement necessary measures to prevent recurrence.
Security Tips
At Job&Talent we want to protect our applicants and workers from phishing attempts, fraudulent emails, calls and messages. We know how important your data is, and that is why protecting it has become one of our priorities. We would like to support you in safeguarding your data during your entire journey with us, so please, take in mind the below security tips:
Be cautious if you receive unsolicited messages on WhatsApp invited to join a phishing website which impersonates Job&Talent to create your own working account. Phishing links can lead to fake websites designed to steal your information.Compare the information received on WhatsApp with what is available on the official site or contact our customer service through official contact methods. If you still not sure about the authenticity of the website, please report any suspicious messages or contacts to WhatsApp and block the sender to prevent further communication.
Be wary of emails that require urgent action. Phishing attempts often claim that there is a situation that requires your urgent attention, in an attempt to get you to click on a link or provide details, etc.
Pay attention to the wording and spelling. Phishing emails often contain misspellings, phrases that don't make sense, or unusual symbols and characters.
Check the link address before clicking. It is important to check that the link is reliable. To do this, you can place the mouse pointer over the button or link and look at the address displayed at the bottom left of the browser or your email client. If what you see seems suspicious, don't click!
Check the sender. If you don't recognize the sender or the domain doesn't appear to match the company or service it claims to be, this could be a phishing attempt.
Don't download files without looking at the extension. File that has more than one extension (something like “filename.doc.zip”), or is a compressed (.zip) or executable (.exe) file might be suspicious. Always scan the files with an antivirus before opening them.
Do not transfer money to anyone claiming to be from Job&Talent. Job&Talent will never ask you for any type of payment, monetary or otherwise, as part of the hiring process or during the course of your employment.
Keep passwords safe. Remember, passwords are the gateway to your information. Never share your passwords with anyone, make them hard to guess and use different passwords on multiple systems.
Report any suspicious activity
If you are ever asked to make a payment to a Job&Talent staff member, or you receive any suspicious mail, call or urgent requirement of personal information, please report it to customer support: [email protected]