Security and Compliance

        

Compliance

GDPR

Censia is compliant with the European Union General Data Protection Regulation (GDPR) and supports customers’ compliance programs. Learn more here.

CALIFORNIA CONSUMER PRIVACY ACT (CCPA)

Censia complies with all CCPA requirements and regulations and is CCPA Compliant. The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of California.

OFCCP

Censia supports both the record-keeping and evaluation standards established by the Office of Federal Contract Compliance Programs (OFCCP) and helps companies simplify and strengthen OFCCP compliance.

DATA PRIVACY IMPACT ASSESSMENT (DPIA)

Censia’s DPIA combines the requirements of the GDPR with best practices suggested by the European Data Protection Board (formerly the Article 29 Working Party). It also incorporates the substantive elements of the example DPIA formats of both the United Kingdom’s ICO and France’s CNIL. Additionally, Censia’s DPIA includes a mapping of GDPR requirements of the Censia platform as well as a quantitative risk assessment section. For more information, please request a copy of our Data Privacy Impact Assessment (DPIA).

Certifications

ISO 27001

Censia is ISO 27001:13 certified. Censia has established and maintains a company-wide information security management framework per the requirements of ISO 27001, including security policies, standards, and procedures.

Top Security and Privacy Features

DATA PROTECTION IN THE CLOUD

Censia only uses the best-in-class service providers to ensure information safety. Censia’s services run on Amazon Web Services (AWS), which is physically secure, employs modern software security techniques, and is trusted by hundreds of thousands of businesses globally.

SECURE APIS

Censia protects information as it’s being transmitted between systems and integrates seamlessly with existing platform systems (ATS, CRM, HRIS) without compromising data security. Communication through HRIS partner APIs is HTTPS encrypted using TLS 1.2(3). Connections are encrypted and authenticated using 256-bit AES encryption. The U.S. government uses the Advanced Encryption Standard (AES) to protect classified information, and software companies use it to protect sensitive data.

DATA ENCRYPTION

Censia encrypts user data to ensure privacy. In addition to encrypting API traffic to and from HRIS systems, Censia encrypts other sensitive company data shared with it. We use the Key Management Service (KMS) through AWS to control and separate encryption keys. KMS employs Hardware Security Modules (HSMs) to protect the security of keys. All data is encrypted at rest and in transit between nodes, ensuring complete data privacy.

PASSWORD HASHING

Censia never views or stores user passwords and utilizes a one-way cryptographic hashing algorithm to protect your privacy. 

STRONG ACCESS PROTECTION

Censia protects customer data from other customers using rigorous access controls that restrict customers to their data only. Personally identifiable information from your applicants and other sensitive data will never be available to other customers.

INDEPENDENT SECURITY ASSESSMENTS

Censia has partnered with a reputable, global information assurance specialist, 24×7, to perform objective, third-party security audits annually. Penetration testing is performed by Marcum Technology at both the network and application levels.

RESILIENCE

Censia stores data in AWS Aurora and S3, which are natively AWS resilient and ensure that Censia remains fully operational in case of a disaster. In case of an infrastructure failure, AWS Aurora performs an automatic failover process, ensuring minimal downtime and maximum reliability.

SECURITY TRAINING FOR YOUR TEAM

Censia understands that most HR teams are not seasoned security experts and has a rigorous onboarding and user training process that ensures each user understands and uses the best security practices.

CENSIA PERSONNEL

All Censia staff undergo regular and extensive security training to ensure that all data is handled correctly. Censia employees with access to sensitive customer data can only access information on a need-to-know basis for troubleshooting purposes and are required to adhere to strict privacy guidelines. For access to our production systems, all engineers use multi-factor authentication, a process that is tracked and audited. Customer data is never copied locally onto employee computers. Additionally, all new employees are subject to a pre-employment background check to verify identity, references, criminal history, etc. Censia’s Information Security Management System (ISMS) minimizes risk and ensures business continuity by preventing unauthorized access to data and limiting the impact in the unlikely event of a security breach.

FREQUENTLY ASKED QUESTIONS:

Does Censia collect any data directly from candidates (i.e. through email communications, or through a candidate directly and proactively uploading information to a Censia website or platform)?

No.

Please list the specific public resources from which data relating to candidates is sourced.

Censia continuously maps the global talent pool and has built a highly scalable and secure enterprise data platform. Data is sourced from multiple industry and professional data partners and aggregator vendors who compile talent and people-based data across billions of public web pages and discover pages containing professional information. Censia applies artificial intelligence algorithms to extract, label, and structure that data to create a candidate “Golden Record” (live source of truth profile). To do this, Censia has built multiple data partnerships with vendors, allowing us to aggregate data from over 2,000 public data sources that provide necessary career data on our database of talent professionals. Each data set and field is matched to Censia taxonomies and ontologies for standardization and clustering.

Some of these sources include Public Professional Sites (e.g., LinkedIn, Bloomberg, Pitchbook, GitHub, StackOverflow, Quora, Dribbble, About.me, AngelList, WordPress Blogs, etc.), Public Resume Databases (Google Scholar, Indeed, etc.), Public Job Boards (e.g., Monster, CareerBuilder, etc.), Alumni Networks, Consumer Databases (e.g., D&B, ZoomInfo), State/Federal Registration Boards (oNet), Google Jobs API, Company Information (Pitchbook, Crunchbase, PrivCo, NYSE, NASDAQ, Yahoo Finance), contact, validation, and verification partnership data, and more. Censia can add data from client-requested sites as well.

All data Censia receives is run through a clustering process to determine relevant data points that belong together as part of the same person’s profile. For example, if there are 100,000 pieces of data labeled ‘Bob Smith,’ Censia algorithms determine which groups of data points belong to an individual, such as “Bob Smith, the CFO of XYZ Company,” to create a Golden Record profile that is distinct from all of the other Bob Smiths. Clustered data points are constantly combined, with conflicting information handled, to create a dynamic professional overview that combines disparate data sources from across the web.

Please list any private resources that are behind paywalls or other login walls from which data relating to candidates is sourced.

None. All webpages used for data collection are fully publicly available, and none of the data sits behind security barriers such as paywalls or logins when collating the public data.

How does Censia ensure that the data enrichment services/brokers it works with have appropriate authorization/consent to share/sell candidates’ data with Censia (for Censia to then sell the data with its own clients)?

Contractual obligations are present in all partnership/data purchase agreements. Our partners are contractually and legally bound to abide by legally compliant best practices for authorization to collect and share data with Censia. Censia requires multiple sources to confirm data and has strict confidence, recency, and saliency practices on data accuracy.

Does Censia utilize any automated technologies to scrape information from third-party websites/information sources?

No.

How does Censia ensure that it does not infringe the terms of use/service for websites that do not permit the copying of profiles and data from its website?

Censia does not directly scrape or aggregate information from these websites. Furthermore, as part of our extensive ISO 27001 Certification process and global partnerships with reputable firms such as SAP, Microsoft, Workday, iCIMS, and many others, Censia has invested heavily in privacy and security infrastructure and processes as well as legal and data integrity compliance analysis.

Does Censia create profiles on social media or other platforms (e.g., LinkedIn) in order to collect data, and if so, does it always identify itself as Censia?

No.

How does Censia ensure that all candidates whose data it collects are able to exercise their rights under applicable privacy laws (e.g., rights of access and erasure)?

As part of our GDPR compliance and ISO certification process, we have created procedures and auditing for all current privacy laws and policies, and we review global legal changes quarterly.

What if a profile is wrong or doesn’t have the right information?

What is included in a profile?

Each profile contains the following sections:

  • Biography
  • Work History
  • Company Information
  • Highlights (key experiences such as M&A, IPO, growth, etc.)
  • Experience by (industry, function, etc.)
  • Skills
  • Certification And Licenses
  • Education
  • Languages Spoken
