The Hire Talent Security Documentation

Our security system is based on the “trust service principles”: security, availability, processing integrity, confidentiality and privacy.

1. Confidentiality and Privacy

     – Access Control

Our ATS has three platforms. One of them is open: applicant (https://applicant.thehiretalent.io/). The other two are closed: myaccount (https://myaccount.thehiretalent.io/) and admin (https://admin.thehiretalent.io/). The applicant platform has assessments, which can be reached only by a unique URL, and a career page. The career page uses an open URL where customers can see the company's list of open positions.

     – Two Factor Authentication

The myaccount platform uses two-factor authentication. The authentication method is the customer’s email: the customer receives a code by email and must paste it into the requested window during the registration process. After registration, customers can switch off two-factor authentication.
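The checks an emailed-code step like the one above typically needs, shown as an added example that is not The Hire Talent's own code. The class name, the 10-minute lifetime, the 5-attempt limit, the 6-digit length and the digest-only storage are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;

// Added example; TTL, attempt limit and code length are assumed values, not the page's.
public class EmailCodeVerifier {
    private static final Duration TTL = Duration.ofMinutes(10);
    private static final int MAX_ATTEMPTS = 5;
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, Pending> pending = new HashMap<>();
    private static final class Pending {
        final byte[] digest; final Instant expires; int attempts;
        Pending(byte[] digest, Instant expires) { this.digest = digest; this.expires = expires; }
    }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }

    // Returns a fresh code for the caller to e-mail; only its digest is kept server-side.
    public synchronized String issue(String email, Instant now) {
        String code = String.format("%06d", RNG.nextInt(1_000_000));
        pending.put(email, new Pending(sha256(email + ":" + code), now.plus(TTL)));
        return code;
    }

    // True only for an unexpired, unused code submitted within the attempt limit.
    public synchronized boolean verify(String email, String submitted, Instant now) {
        Pending p = pending.get(email);
        if (p == null) return false;
        if (now.isAfter(p.expires) || ++p.attempts > MAX_ATTEMPTS) {
            pending.remove(email); // expired or guessed too often: a new code must be issued
            return false;
        }
        boolean ok = MessageDigest.isEqual(p.digest, sha256(email + ":" + submitted)); // constant time
        if (ok) pending.remove(email); // single use
        return ok;
    }

    public static void main(String[] args) {
        EmailCodeVerifier v = new EmailCodeVerifier();
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z"); // constructed timestamp
        String code = v.issue("user@example.com", t0);      // constructed address
        System.out.println(v.verify("user@example.com", "wrong!", t0));
        System.out.println(v.verify("user@example.com", code, t0.plusSeconds(60)));
        System.out.println(v.verify("user@example.com", code, t0.plusSeconds(61)));
    }
}
```

The three calls in `main` exercise a wrong code, the correct code, and a replay of the correct code after it has been consumed.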

     – Encryption

All customers’ passwords are encrypted with the help of Spring Security. Authorization is implemented based on JWT (JSON Web Token).

2. Security

     – Intrusion Detection

We use a JDBC template with parameterized queries in every request to the database.

XSS attacks are prevented because we use React.js.

     – SSL certificate

We use a GoDaddy SSL certificate. All three platforms have SSL certificates.

3. Availability

     – Performance Monitoring

We use a Heroku server. It has a well-built interface where we can investigate the metrics of our database and application system.

     – Disaster recovery

Heroku uses automatic backups, which run once every 4 days.

4. Processing Integrity

     – Quality assurance

Monitoring of data processing, coupled with quality assurance procedures, can help ensure processing integrity. Every change in production undergoes smoke and regression testing.