Trust & Data Security
The KISREC web application has been built using enterprise-class security features to ensure all customer data is fully protected. We use the latest cutting-edge front end web development technology and we deliver our service through the Google Cloud Platform (GCP), a world-leading, secure-by-design suite of cloud computing services that scale automatically to billions of users.
Google Cloud's security model, world-scale infrastructure, and unique capability to innovate help to keep our web application secure and compliant. Read more about Google's trust and security here.
Google undergo independent verification of their security, privacy, and compliance controls including ISO/IEC 27001/27017/27018/27701, SOC 1/2/3, PCI DSS, and FedRAMP certifications, and alignment with HIPAA, GDPR, and CCPA, among others. More information can be found here.
Google Firebase
We deliver our service using Google's Firebase mobile development platform which is backed by the Google Cloud Platform.
The Firebase platform is a backend-as-a-service solution both for mobile and web-based applications that includes services for building, testing, and managing apps.
The KISREC web application utilises the following Firebase services:
Cloud Firestore is a flexible, scalable NoSQL cloud database to store and sync data for client and server-side development.
Cloud Functions for Firebase is a serverless framework that lets us automatically run backend code in response to events triggered by Firebase features and HTTPS requests.
Cloud Storage for Firebase allows the secure storage of files, such as photos and documents.
Authentication provides an end-to-end identity solution, supporting email and password accounts, phone auth, and Google, Twitter, Facebook, and GitHub login, and more.
Firebase Hosting provides fast and secure hosting. Files deployed to Firebase Hosting are cached on SSDs at CDN edge servers around the world. We have SSL certificates for our sites so our users get a secure, reliable, low-latency experience, no matter where they are.
Encryption and Security
All our customer data is located in Google's data centers within the europe-west3 regional location (Multiple locations within Europe). Google's data centers use custom-built servers exclusively, never selling or distributing them externally. An industry-leading security team works 24/7 around the globe to make their facilities one of the safest places for your data to be stored.
Rather than storing data on a single machine or set of machines, Google distribute all data across many computers in different locations. They then chunk and replicate the data over multiple systems to avoid a single point of failure.
Data is encrypted in transit between their facilities and at rest using AES256, ensuring that it can only be accessed by authorized roles and services with audited access to the encryption keys. More information can be found here.
Google's data centers are protected with several layers of security to prevent any unauthorised access. They use secure perimeter defense systems, comprehensive camera coverage, biometric authentication, and a 24/7 guard staff. In addition, they enforce a strict access and security policy at their data centers and ensure all staff is trained to be security minded.
Access to the Google Cloud Platform through its web-based console application is strictly restricted to our key technical personnel. The console uses multi-factor authentication to ensure the highest level of security is maintained.
Application Security
We follow industry best practices wherever possible to keep your data safe.
We have deployed strict Cloud Firestore Security Rules that provide robust data access management. These security rules ensure authenticated users only have access to the data they are permitted to access.
Users log in to the KISREC web application using an email address and password. A user password must be at least 8 characters and contain at least one uppercase, one lowercase, one number and a special character.
Source code management is employed for all applications and development processes. The KISREC application source code is hosted using an industry-leading, secure, third-party source code repository.
All user communication with the KISREC web application is done through an internet browser over a secure HTTPS connection.
Customer Support Team
Our customer support team have limited access to customer data using our secure internal management application. This management application provides access to specific customer data such as account settings, user accounts, billing & subscription information and usage logs. Our customer support team do not have access to customer data such as candidate, client contacts or job records.
These employees have accepted our confidentiality agreement as part of their terms of employment and will have accepted our code of conduct which includes non-disclosure both during and post-employment when handling customer data.
Database Backups & Disaster Recovery
A full database backup is automatically performed on a daily basis at 3am and before any system update. The database backups are stored in Google Cloud Storage within the europe-west3 regional location (Multiple locations within Europe).
We store the daily database backups for a maximum of 30 days. In the unlikely event of a data or software issue we would use the latest daily backup to restore and recover the database.
Service Monitoring
We have a public operational service status page which provides our historical uptimes and also details of any incidents or service disruption.
Third-Party Services
The KISREC web application uses third-party software-as-a-service suppliers in order to provide some of its functionality (i.e. SMTP Mail, SMS Messaging, Search and Indexing Service, CV Parsing). Where this is the case, we ensure that an equivalent level of Data Protection to GDPR is in place for the providers we use and that they explicitly comply with GDPR regulatory requirements.
Data Import & Export
We provide a secure location for you to upload or download your data. When you upload your data to be imported into KISREC, we will retain the data after the import has been completed for 7 working days. Exported data will be removed 5 working days from the export date.