Security

Software Security

Maintaining the security of your data is our priority

Our recruitment software is used to store and process personal and sensitive information on behalf of millions of candidates. As a business we have invested heavily in ensuring we have the right team to achieve and maintain the highest level of security of your data.

Our Information Security Management team are supported not only by our own team of developers, software testers, Certified GDPR practitioners and our Data Protection Officer but also independent security experts who continually monitor and help to improve security and protect your data.

ICO REGISTRATION

networx (2001) Ltd
Reg. No Z7776099

ISO 270001:2017

networx (2001) Ltd
Reg. No 218268

GDPR CERTIFIED

Certified Practitioners
GDPR – QACGDPRP

G-Cloud Supplier

networx have been a G Cloud Approved Supplier of Software for a number
of years.
 

The G-Cloud Digital Marketplace is the online platform that all public sector organisations can use to find and buy cloud-based services.

ISO 27001: 2017 Certified

As an organisation, networx have undergone the rigorous exercise to become ISO 27001:2017 compliant. This means that not only do we have the right processes and policies in place to manage security risks efficiently but clients and candidates can be confident that these processes and policies have been fully assessed and meet the high quality standards required to
become certified.

FSQS Supplier

networx are registered as an approved supplier on the FSQS. FSQS is a supplier qualification system for the financial sector that objectively assesses potential vendor risks, proportionally to products and services being provided and across areas of compliance.

Secure Hosting

Data is held in the cloud by global hosting provider, Rackspace who offer one of the most secure hosting services available and provide access to your data 24/7/365. Their EU data centre is located in Heathrow, UK.

In addition Rackspace constantly monitor our network traffic and notify us immediately by text and email to alert us of any suspicious activity/ anomalies via their active 24/7 monitoring and Alerts service. Rackspace are also SOC-1
and ISO 27001 accredited.

Find out more about Rackspace

Data Backup / Data Recovery

We run multiple database servers. Should a server have any kind of failure our infrastructure will automatically and seamlessly switch to another server to ensure there is no interruption to the service. We perform daily backups which are retained for a two week period to allow us to recover data should the need arise.

Data Encryption

Data is protected through encryption both ‘in transit’ and ‘at rest’. Encryption of data ‘in transit’ stops anyone being able to access, intercept, read, copy or duplicate files as they are being sent. Highly sensitive information such as bank details can also be encrypted ’at rest’ to ensure that should the data ever be stolen, it cannot be accessed or viewed. To further protect any personal or sensitive information collected from or about the candidate, all data captured from candidate’s is pseudonymised to make it difficult to associate the information stored with the candidate’s account should it be accessed by unauthorised individuals.

Passwords

Passwords are encrypted using HMAC SHA2-512 encryption utilising one way hashes.

Data in Rest

We encrypt account passwords using HMAC SHA2-512 encryption. All the answers to application forms, supplemental information forms, interview feedback forms, offer forms and the vacancy details are pseudonymised.

Data in Transit

All information to and from the system is encrypted in transit using TLS1.2 with a SHA256 SSL certificate.The application can only be accessed via HTTPS using SHA-256 certificates.

Security Cryptographic Keys

Password cryptographic keys are randomly generated and compiled into the system. The keys are not held anywhere within the database.

Encryption Keys

A different key is randomly generated for every client.

Access to Data

Access to client data for networx employees is assigned by need. Client user access is controlled according to each clients requirements. User access rights can only be changed following a request from authorised personnel.

Sharing & Sending Data

When it comes to sending and sharing data stored within your recruitment software, there are a number of key system functionality which we offer to ensure that your data is kept secure.

Restrict who information can be sent to
Predefined lists of authorised email domains prevent data from being sent to anyone outside of your organisation either by 
mistake or intentionally.


Restrict the ability to print information
Option to remove the print functionality, removes the ability for users to create hard copies of candidate data and the associated
security issues.

Sharing Data with 3rd Party Providers

We perform an annual security audit on all 3rd party providers.This ensures that before we share any data we are confident that they have the necessary policies and procedures in place to maintain the high level of security we provide when processing candidate's
on your behalf.

Audit Trails

We record the actions of users to create a comprehensive audit trail in relation to processing of candidate applications, communications sent from the system and any changes made to the settings.

Security Logs

All security events such as authentication events, SSH session command and privilege elevations in production are logged within the system.

Vulnerability Testing

We employ an independent provider to conduct regular Penetration Testing across our software. This is essentially a controlled form of hacking which allows us to identify any weaknesses before anyone else does. Our software is fully penetration tested and validated on an annual basis by SEC-1.

Sec-1 uses a blend of methodologies taken from industry best practice standards such as  the Open Source Security Testing Methodology Manual (OSSTMM), the Open Web Application Security Project (OWASP) and the Council of Registered Ethical Security Testers (CREST). Annual independent penetration tests are run in September/October each year. We perform our own penetration tests using an automated tool provided by SEC-1 every month. Reliability and functional user testing is also incorporated.

Software Development

All development work is handled internally within our technical team at our Head Office in Otley. We run a formalised 3 monthly development cycle and all developments are subject to rigorous testing processes before being released.

Security Training

Every 12 months, all developers have training to cover the security considerations to be aware of during developments.

Peer Review

All developments undergo a peer review which includes ensuring new security issues are not introduced.

Release Testing

Before every release we perform an automated penetration test. This test includes checking for network vulnerabilities.

Quarterly Releases

Quarterly releases are planned within the preceding quarter and delivered across a series of Sprints. This is a conscious move to ensure the development programme is agile enough to deliver necessary improvements quickly and to support those requested by existing clients.

Communication

Information regarding new functionality and updates is communicated via email to all relevant users.

New System Updates

For the vast majority of releases, the system update will not involve any interruption to the service. Where possible we try to ensure that new features require an activation so you have chance to adapt your internal procedures before accepting new functionality. Where this is not possible, plenty of notice will be given.

Contact us

Simply complete the form below and we’ll get in touch.

PLEASE NOTE: This form is for enquiries regarding our recruitment software and services ONLY.

If you are looking for a job or experiencing issues applying please email candidates@networxrecruitment.com.