JobAdder Pre Sales

Question:

How does JobAdder secure my data?

Answer:

We are committed to ensuring and maintaining the integrity of our system. JobAdder has a security framework in place to ensure the accessibility, confidentiality and protection of one of your most valuable assets – data.

This is accomplished by continually assessing, testing and improving the technology, controls, processes and procedures that govern the management of our systems.

We regularly review and update security policies, compartmentalise system access, perform software and infrastructure security testing (including penetration testing) and conduct both internal and external assessments to identify risks and threats.

Access Control

JobAdder has procedures in place to restrict access to applications, network and data environments to only what is critical for an employee to do their job. This includes ongoing management review of employees and immediate de-authorisation of terminated employees.

Information Management Systems (e.g. application servers, firewalls, APIs) have logging and monitoring enabled. Privileged access (administrator level access) is monitored and logged using a number of tools such as AWS CloudTrail.

You are able to control the access your employees have to business critical functions within JobAdder with our user hierarchy system.

Secure Hosting

JobAdder is hosted by AWS Cloud. AWS security entails data encryption at rest and in-transit, hardware security modules and comprehensive physical security which all contribute to a secure cloud system.

The AWS cloud system provides us with the capability to control, audit and manage identity, configure usage, as well as meet our government and private client’s compliance, governance and regulatory requirements.

Risk & Vulnerability

We diligently maintain the security of our systems and proactively assess potential threats and patch vulnerabilities. We identify risks through regular application, network and security auditing by our dedicated team and third-party security specialists.

Penetration Testing

Our system undergoes regular penetration testing by third-party security specialists. This testing is undertaken yearly with the process including testing for  Zero(0)-Day, OWASP Top 10 and CWE Top 25 exploits.

The scope of the penetration testing extends across all of our services including web, mobile and API. AWS is ISO 27001 & ISO 9001 compliant with additional details provided at:

https://aws.amazon.com/compliance/iso-27001-faqs/

https://aws.amazon.com/compliance/iso-9001-faqs/

Ensuring our code is secure

We employ a range of methodologies to detect and rectify security defects in the JobAdder code including static code analysis, pre-deployment vulnerability checks and controls in place to ensure standards of quality are being met for software development. These include authentication, authorisation, input/output validation, session management, logging, encryption, cryptography & more.

Our development team follow a strict change management process with procedures and checks built in to ensure integrity. All development changes are stored in a version control system and go through both automated & manual Quality Assurance (QA) testing. Production and non-production environments are stored in separate data centres and we never store personally identifiable information in pre-production environments.

Disaster Response

JobAdder has a disaster recovery plan in place to preserve your data in the event of a disaster, system failure or incident that could disrupt operations or threaten our systems.

Policies, processes and certificates

More detailed documentation outlining our security process and procedures are available on request. Reach out to the JobAdder sales team who will happily assist you.