This document will go over Censia's Privacy & Security Standards.
Important elements in this document:
- What are Censia's Security & Privacy Standards?
- How does Censia Ensure Privacy and Security?
What are Censia’s Security and Privacy Standards?
ISO 27001
Censia is ISO 27001:13 certified. Censia has established and maintains a company-wide information security management framework per the requirements of ISO 27001, including security policies, standards, and procedures.
GDPR
Censia complies with the European Union General Data Protection Regulation (GDPR) and supports customers’ compliance programs.
For more information on our GDPR Compliance, you can visit: https://www.censia.com/gdpr/
CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
Censia complies with all CCPA requirements and regulations and is CCPA Compliant. The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of California.
For more information about CCPA, you can visit this link.
OFCCP
Censia supports the record-keeping and evaluation standards established by the Office of Federal Contract Compliance Programs (OFCCP) and helps companies simplify and strengthen OFCCP compliance.
For more information on Censia & OFCCP, you can visit this link.
DATA PRIVACY IMPACT ASSESSMENT (DPIA)
Censia’s DPIA combines the requirements of the GDPR with best practices suggested by the European Data Protection Board (formerly the Article 29 Working Party). It also incorporates the substantive elements of the example DPIA formats of both the United Kingdom’s ICO and France’s CNIL. Additionally, Censia’s DPIA includes a mapping of the GDPR requirements of the Censia platform as well as a quantitative risk assessment section. Please request a copy of our Data Privacy Impact Assessment (DPIA) for more information.
How does Censia ensure Privacy and Security?
DATA PROTECTION IN THE CLOUD
Censia only uses the best-in-class service providers to ensure information safety. Censia’s services run on Amazon Web Services (AWS), which is physically secure, employs modern software security techniques and is trusted by hundreds of thousands of businesses globally.
Censia protects information transmitted between systems and integrates seamlessly with existing platform systems (ATS, CRM, HRIS) without compromising data security. Communication through HRIS partner APIs is HTTPS encrypted using TLS 1.2(3). Connections are encrypted and authenticated using AES-256 bit encryption. The U.S. government uses the Advanced Encryption Standard (AES) to protect classified information, and software companies use it to protect sensitive data.
DATA ENCRYPTION
Censia encrypts user data to ensure privacy. In addition to encrypting API traffic to and from HRIS systems, Censia encrypts other sensitive company data shared with it. We use the Key Management Service (KMS) through AWS to control and separate encryption keys. KMS employs Hardware Security Modules (HSMs) to protect the security of keys. All data is encrypted at rest and in transit between nodes, ensuring complete data privacy.
PASSWORD HASHING
Censia never views or stores user passwords and utilizes a one-way cryptographic hashing algorithm to protect your privacy.
STRONG ACCESS PROTECTION
Censia protects customer data from other customers using rigorous access controls that restrict customers to their data only. Personally identifiable information from your applicants and other sensitive data will never be available to customers.
INDEPENDENT SECURITY ASSESSMENTS
Censia has partnered with a reputable, global information assurance specialist 24×7 to perform objective, third-party security audits annually. Marcum Technology performs penetration testing at both the network and application levels.
RESILIENCE
Censia stores data in AWS Aurora and S3, which are natively AWS resilient and ensure that Censia remains fully operational during a disaster. AWS Aurora performs an automatic failover process in case of an infrastructure failure, ensuring minimal downtime and maximum reliability.
SECURITY TRAINING FOR YOUR TEAM
Censia understands that most HR teams are not seasoned security experts and has a rigorous onboarding and user training process that ensures each user understands and uses the best security practices.
CENSIA PERSONNEL
All Censia staff undergo regular and extensive security training to ensure that all data is handled correctly. Censia employees with access to sensitive customer data can only access information on a need-to-know basis for troubleshooting purposes and must adhere to strict privacy guidelines. For access to our production systems, all engineers use multi-factor authentication – a tracked and audited process. Customer data is never copied locally onto employee computers.
Additionally, all new employees are subject to a pre-employment background check to verify identity, references, criminal history, etc. Censia’s Information Security Management System (ISMS) minimizes risk and ensures business continuity by preventing unauthorized access to data and limiting the impact in the unlikely event of a security breach.