Security

Last updated: 6/4/2026

Our Commitment to Security

At Employee Screening, we understand that handling sensitive employee and candidate data requires the highest standards of security. We are committed to protecting your information through industry-leading security measures, continuous monitoring, and strict compliance with data protection regulations.

Data Protection and Encryption

Encryption at Rest

All sensitive data stored in our systems is encrypted using AES-256 encryption, the industry standard for data protection. This includes:

  • Personally identifiable information (PII)
  • Background check results and reports
  • Financial and payment information
  • User authentication credentials

Encryption in Transit

All data transmitted between our servers and your devices is protected using TLS 1.3 encryption with perfect forward secrecy. We regularly update our security certificates and monitor for vulnerabilities.

Access Controls and Authentication

Multi-Factor Authentication (MFA)

We require multi-factor authentication for all administrative access and offer it as an option for all user accounts. Supported methods include:

  • SMS-based verification
  • Authenticator app support (Google Authenticator, Authy, etc.)
  • Hardware security keys (WebAuthn/FIDO2)

Role-Based Access Control (RBAC)

Our platform implements granular role-based access controls to ensure users only access the information necessary for their role. Permissions are regularly audited and updated based on least-privilege principles.

Network Security

Infrastructure Protection

Our infrastructure is protected by multiple layers of security:

  • Firewalls and intrusion detection systems
  • Distributed Denial of Service (DDoS) protection
  • Regular security patching and updates
  • 24/7 security monitoring and alerting

Secure Hosting

Our services are hosted in SOC 2 Type II compliant data centers with redundant systems, backup power, and physical security measures including biometric access controls and video surveillance.

Compliance and Certifications

Regulatory Compliance

We maintain compliance with major data protection regulations:

  • FCRA Compliance: Fair Credit Reporting Act for background screening
  • GDPR: General Data Protection Regulation for EU data subjects
  • CCPA: California Consumer Privacy Act compliance
  • SOX: Sarbanes-Oxley Act for financial data protection

Industry Certifications

Our security practices are validated through third-party certifications including SOC 2 Type II, ISO 27001, and regular penetration testing by certified security firms.

Incident Response and Monitoring

24/7 Security Monitoring

Our security operations center monitors our systems around the clock for:

  • Unusual access patterns and behaviors
  • Potential security threats and vulnerabilities
  • System performance and availability
  • Compliance with security policies

Incident Response Plan

In the event of a security incident, we have established protocols for rapid response, containment, eradication, and recovery. All incidents are documented and analyzed to improve our security posture.

Data Backup and Recovery

Regular Backups

We maintain encrypted backups of all critical data with:

  • Daily incremental backups
  • Weekly full backups
  • Geographic redundancy across multiple data centers
  • Regular backup integrity testing

Disaster Recovery

Our disaster recovery plan ensures business continuity with recovery time objectives (RTO) of under 4 hours and recovery point objectives (RPO) of under 1 hour for critical systems.

Employee Screening and Background Checks

Secure Data Handling

When conducting background checks and employee screenings, we ensure:

  • Secure transmission of sensitive data to third-party verifiers
  • Compliance with FCRA requirements for data usage
  • Proper consent and disclosure procedures
  • Limited retention periods for sensitive information

Third-Party Security

All third-party service providers undergo rigorous security assessments before integration. We require SOC 2 compliance or equivalent security standards from our partners.

Security Awareness and Training

All employees undergo regular security awareness training covering phishing prevention, data handling best practices, and incident reporting procedures. Our security team conducts ongoing education to maintain a security-first culture.

Reporting Security Concerns

If you discover a security vulnerability or have concerns about our security practices, please contact us immediately:

Security Email: security@employeescreening.com

Response Time: We aim to respond to security reports within 24 hours

Bug Bounty: We offer rewards for responsible disclosure of security vulnerabilities

Regular Security Assessments

We conduct regular security assessments including vulnerability scanning, penetration testing, and code reviews. Our security measures are continuously updated based on the latest threats and industry best practices.