This includes but is not limited to:
Data Protection in the Cloud
Entelo’s services run on Amazon Web Services (AWS), which is physically secure, employs modern software security techniques, and requires multi-factor authentication for access. The AWS cloud infrastructure is constantly monitored, highly automated, and highly available. It meets many global security standards including ISO 27001, SOC, PCI, and FedRAMP. For more information, please visit: https://aws.amazon.com/security/.
Entelo integrates seamlessly with your applicant tracking system (ATS) without compromising the security of your data. Communication through ATS partner APIs travels over HTTPS using TLS 1.2. The connection is encrypted and authenticated using 128-bit AES. The Advanced Encryption Standard (AES) is used by the U.S. government to protect classified information and is also used commercially to protect sensitive data in software.
In addition to encrypting API traffic to your ATS, Entelo encrypts other sensitive company data you share with us. We use the Key Management Service (KMS) through AWS to control and separate encryption keys used to encrypt your data. KMS employs Hardware Security Modules (HSMs) to protect the security of keys. Keys can never be exported from the service.
Entelo never stores user passwords. Instead, we use bcrypt, a one-way cryptographic hashing algorithm that is an industry standard for password hashing.
Strong Access Protection
Choosing a recruiting platform with a multi-tenant SaaS architecture can pose serious security risks. Entelo does not share your data with our other customers. Rigorous access controls restrict customers to their data only. Personally identifiable information from your applicants will never be available to others.
Separation of Search and Stack
Entelo’s two flagship solutions, Search and Stack, are completely separate products, and applicant data is isolated from public data. In other words, the applicant information you push into Stack from your ATS will never enter into our Search dataset. Other Entelo Search customers will never be able to parse through the resumes of your applicants.
Entelo has partnered with a reputable, global information assurance specialist, NCC Group, to perform objective, third-party security audits on an annual basis. Vulnerability scans are performed at both the network and application level. The testing methods assure our compliance with both WASC (Web Application Security Consortium) and OWASP (Open Web Application Security Project) standards.
So that we can become fully operational again in the case of a disaster, Entelo’s data is stored in an AWS multi-Availability Zone (AZ) database instance. Each AZ runs its own physically distinct, independent infrastructure and is designed to be highly reliable. In case of an infrastructure failure, the database instance automatically fails over to a standby.
Entelo employees with access to sensitive customer data can only access information on a need-to-know basis for troubleshooting purposes and are required to adhere to strict privacy guidelines. For access to our production systems, all engineers use multi-factor authentication and are restricted by IP location – a process we closely track and audit. Customer data is never copied locally onto employee computers. Additionally, all new hires are subject to a pre-employment background check in order to verify identity, references, criminal history, etc.
Security Training for Your Team
We know that the HR team members using Entelo products are not seasoned security experts. As part of our customer onboarding process and user training, our customer success team provides basic security best practices and recommendations to all Entelo product users.