We want our customers to feel safe when they are using our products, and trust us with their data.
Talent Systems takes a defense-in-depth approach to security, compliance and privacy. As a result, we focus on securing and protecting each layer of the organization, our products, and your data. In order to achieve this, we have developed and continue to evolve a robust Security, Compliance and Privacy program to align to new laws and regulations, and meet the latest industry guidance and best practices.
Our Security, Compliance and Privacy program
Talent Systems' Security, Compliance and Privacy program is led by our Global Head of Data Protection and Information Governance, who works with experts across security, product, engineering and operations to implement and evolve the program.
Enterprise-wide Information Security policies have been developed to implement the program across all of Talent Systems and apply to all products and services. Any successful program requires a robust security, compliance and privacy culture, and as such our program includes a focus on our people.
Our program requires that:
- Appropriate background checks are completed for all new hires as part of the recruitment process
- All new hires complete a Security, Compliance and Privacy introductory session
- All staff undertake annual security training
- Staff receive role-specific education and awareness activities throughout the year
Validation of our program
Our program is monitored and audited internally to ensure it remains effective with results reported to senior management. The same process is used to identify improvements to existing and future security controls to develop our program further. Technologies and techniques are deployed to identify vulnerabilities and risks which are managed through the risk management process. Our tools that detect potential threats and vulnerabilities run uninterrupted and trigger alerts that are reviewed and acted upon through clearly defined protocols that are taught to and followed by our staff.
We externally validate and test our program to provide an independent review using certified assessors and external security specialists. One example of this is SOC 2. Talent Systems has successfully completed the SOC 2 audit process.
Our Security, Compliance and Privacy program applies to all of Talent Systems' products and services. For more information about each product's own security, compliance and privacy features, please refer to the respective product site; see the ‘Our Solutions’ section at https://www.talentsystems.com/about.
Data is stored and maintained in industry-leading data centres which are compliant with a range of industry and security standards and certifications including the international information security standard ISO 27001 to provide robust physical and data security. Customer data is logically separated from other customers’ data.
Talent Systems facilities have been risk assessed, and appropriate controls are in place, including secure access on entry points and CCTV in operation. There are no data storage facilities within any Talent Systems premises.
Talent Systems uses industry-standard encryption tools and techniques to secure data appropriately in-transit and at-rest.
Talent Systems utilizes internal and external security testing tools and practices to identify and manage threats and vulnerabilities to our products and systems. These tools run in both on-demand and persistent contexts.
Talent Systems networks are separated to ensure that development and testing systems are separate from production environments. Production servers are hardened using industry standard best practices and are subject to intrusion detection and other security testing tools.
Secure software development
Talent Systems operates a Software Development Lifecycle Policy that is aligned to the OWASP Software Assurance Maturity Model (SAMM). Security, Compliance and Privacy standards and assessments are built into the Product Development Lifecycle (PDLC) process to identify and remediate risks or vulnerabilities.
Talent Systems applies the principle of least privilege when provisioning access. Access is provided on a need-to-know basis against roles and responsibilities. Only authorized individuals have rights to grant, modify and revoke access in accordance with agreed procedures.
Staff accessing systems are assigned unique IDs, and Talent Systems implements further authentication controls including Multi-factor Authentication into its systems.
As part of its defense-in-depth approach, Talent Systems employs monitoring, logging and alerting technologies to provide visibility of the current state of security. Security events, including access, are logged, and security personnel are alerted to critical security events, including intrusion detection on production environments.
Talent Systems secures workstations issued to its staff to meet compliance with standards and policies. Issued devices have default configurations applied including device encryption, and operate the latest versions of security monitoring software including antivirus and antimalware to protect data and systems.
Products are designed so customers have the ability to manage and remove their data in accordance with contractual agreements. Talent Systems data and hosting service providers maintain responsibility for secure removal of data in compliance with industry standards and certifications.
Secure incident management
Talent Systems manages incidents in line with incident management procedures to manage, classify and learn from incidents when they occur. Procedures are tested on at least an annual basis involving expertise from across the organization including assigned incident managers. Staff are trained in how to identify and report incidents in a timely fashion, and management monitors KPIs related to the effectiveness of incident management.
Secure vendor management
Talent Systems risk assesses the security posture of organizations it works with and monitors KPIs relating to its vendors, including vendors who support the operation of production systems. A risk assessment and approval process is in place for new vendors, and periodic risk reviews are conducted for ongoing compliance.
Secure business continuity
Talent Systems undertakes regular reviews and testing of its business continuity plan, and utilizes industry-leading standards of data and environment hosting providers to enable preparation for disaster recovery, and implement its backup policy.
This provides an overview of the steps that Talent Systems takes to keep its products and services secure and compliant, and to secure and protect our customers' data.
If you would like further information or have any questions about specific products, please contact our Support or Success team.