Security & Compliance: Enterprise-Grade Protection for Hiring Data

Alberto Cubeddu

Your hiring process collects some of the most sensitive information your organisation handles: personal details, employment history, performance assessments, reference feedback. A breach doesn't just risk data—it damages your employer brand, exposes you to legal liability, and erodes candidate trust.

Security and compliance aren't checkboxes to tick—they're foundational requirements for modern hiring. At SkillSociety, we've built security into every layer of our platform, with certifications and controls that meet the most demanding enterprise requirements.

Enterprise Security Architecture

Data Protection in Transit and at Rest

Every piece of candidate data is protected:

  • TLS 1.3 Encryption: All data encrypted during transmission between clients and servers
  • AES-256 Encryption: Data encrypted at rest with industry-standard encryption
  • Key Management: Dedicated key management service with regular rotation
  • Secure Backups: Encrypted, geographically distributed backups with point-in-time recovery

Identity and Access Management

Control who sees what, when:

  • Multi-Factor Authentication (MFA): Required for all admin access
  • Role-Based Access Control: Granular permissions based on user roles
  • Single Sign-On (SSO): SAML and OAuth 2.0 integration with your identity provider
  • Session Management: Automatic timeout, secure session handling, and concurrent session limits

Network and Infrastructure Security

Our infrastructure is designed for resilience:

  • Cloud-Native Architecture: Built on AWS with VPC isolation
  • Web Application Firewall: Protection against common web vulnerabilities
  • DDoS Protection: Automated detection and mitigation of distributed denial-of-service attacks
  • Penetration Testing: Regular third-party security assessments

Compliance Certifications

SOC 2 Compliant Security Framework

SkillSociety operates with SOC 2-aligned security controls, demonstrating our commitment to:

  • Security: Comprehensive controls to protect customer data
  • Availability: High-availability infrastructure with redundancy measures
  • Processing Integrity: Accurate, complete, and timely data processing
  • Confidentiality: Strict controls over confidential information
  • Privacy: Privacy notice, choice, and consent practices

What This Means for You: Our security controls are designed to meet rigorous industry standards. We maintain ongoing security assessments and vulnerability monitoring to protect your data.

GDPR Compliant

Full compliance with the General Data Protection Regulation:

  • Data Minimisation: We collect only data necessary for hiring processes
  • Right to Access: Candidates can request their data at any time
  • Right to Erasure: Complete data deletion upon request
  • Data Portability: Export candidate data in standard formats
  • Consent Management: Granular tracking of all candidate consents
  • EU Data Residency: EU-hosted infrastructure for European customer data

What This Means for You: Operate across European markets with confidence, knowing you meet GDPR requirements for candidate data processing.

Australian Privacy Principles

Full compliance with Australian privacy legislation:

  • Australian Data Centres: All customer data hosted in Australian AWS regions
  • Privacy by Design: Privacy considerations built into all features
  • Data Breach Notification: Established procedures for breach response
  • Access and Correction: Candidate rights to access and correct their data

Candidate Privacy Controls

Transparent Data Collection

Candidates know exactly what we're collecting and why:

  • Clear Privacy Policies: Accessible, plain-language explanations of data use
  • Purpose Limitation: Data used only for stated hiring purposes
  • Retention Policies: Automatic data deletion based on configurable timelines
  • Consent Tracking: Complete audit trail of all candidate consents

Candidate Rights

Candidates maintain control over their information:

  • Access Requests: Download all data we hold about them
  • Deletion Requests: Complete removal from our systems
  • Consent Withdrawal: Revoke permission for ongoing processing
  • Correction Requests: Update inaccurate information

Bias and Fairness Controls

Our AI is designed for fair, unbiased evaluation:

  • Algorithm Transparency: Documentation of how decisions are made
  • Bias Auditing: Regular testing for differential outcomes
  • Human Oversight: Final decisions always made by people
  • Explainable Insights: Every assessment traceable to source data

Audit Trail and Reporting

Complete Activity Logging

Every action is recorded:

  • User Activity: Who accessed what data and when
  • Data Changes: Complete history of all modifications
  • API Access: All API calls logged with full context
  • Candidate Interactions: Record of all candidate communications

Compliance Reporting

Generate reports for audits and reviews:

  • Access Logs: Who viewed which candidate profiles
  • Data Retention: What data is stored and for how long
  • Consent Status: Current consent status for all candidates
  • Security Events: Log of security-related incidents

Custom Audit Exports

Export data for internal or external audits:

  • Date Range Selection: Export logs for specific time periods
  • User Filtering: Activity by specific users or roles
  • Event Types: Filter by activity type (access, modify, delete)
  • Format Options: CSV, JSON, or direct integration with SIEM systems

Integration Security

Secure ATS Connections

Our integrations maintain security standards:

  • OAuth 2.0 Authentication: Token-based access without password sharing
  • Encrypted Data Transfer: All integration traffic encrypted
  • Permission Scopes: Minimal required permissions only
  • Connection Monitoring: Real-time health checks and alerts

API Security

Programmatic access that's secure by design:

  • API Keys: Unique, rotatable credentials for each integration
  • Rate Limiting: Protection against abuse and unauthorised access
  • Request Signing: Optional request verification for sensitive operations
  • IP Whitelisting: Restrict API access to trusted networks

Incident Response

24/7 Security Monitoring

Our security team watches around the clock:

  • Real-Time Alerting: Immediate notification of suspicious activity
  • Threat Detection: Automated systems identify potential threats
  • Incident Response Team: Dedicated team for security incidents
  • Communication Plan: Clear procedures for customer notification

Business Continuity

Planned for the unexpected:

  • Disaster Recovery: Tested recovery procedures with defined RTO and RPO
  • Geographic Redundancy: Multi-region deployment for resilience
  • Regular Testing: Quarterly disaster recovery exercises
  • Service Continuity: Plans for maintaining service during incidents

Getting Security-Approved

For enterprise customers, we provide comprehensive security documentation:

Security Questionnaire

Pre-completed answers to standard security questionnaires:

  • CAIQ (Cloud Security Alliance)
  • SIG (Standardized Information Gathering)
  • VSA (Vendor Security Assessment)
  • Custom questionnaires

Penetration Test Reports

Summary findings from independent security assessments:

  • Annual penetration testing by third-party firms
  • Vulnerability scanning on a continuous basis
  • Remediation tracking and verification

Compliance Documentation

Security and compliance documentation:

  • SOC 2-aligned security framework documentation
  • GDPR compliance documentation
  • Australian Privacy Principles mapping
  • Industry-specific compliance (healthcare, finance, government)

Building Trust Through Security

Security isn't just about protecting data—it's about building trust. When candidates know their information is handled responsibly, they engage more fully. When hiring managers know assessments are fair and data is secure, they make better decisions. When your legal and compliance teams know requirements are met, everyone moves faster.

At SkillSociety, security is a continuous commitment—not a one-time certification. We invest heavily in security because it's the right thing to do, and because it enables our customers to hire with confidence.

Ready to Hire with Confidence?

Your organisation deserves hiring technology that meets enterprise security standards.

With SkillSociety, you get enterprise-grade security and compliance built in—so you can focus on hiring great talent, not managing risk.
