Security

Security and Compliance


The security of your data and your company’s compliance with legal requirements are our top priorities. Censia’s platform has robust security measures in place to safeguard the transmission and storage of the information you share with us.

Compliance

GDPR

Censia is compliant with European Union General Data Protection Regulations (GDPR) and supports customers’ compliance programs. Learn more here.

California Consumer Privacy Act (CCPA)

Censia complies with all CCPA requirements and regulations and is CCPA Compliant. The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of California.

OFCCP

Censia supports both the record-keeping and evaluation standards established by the Office of Federal Contract Compliance Programs (OFCCP) and helps companies simplify and strengthen OFCCP compliance. Learn more here.

Certifications

censia_security-iso-iec-27001Created with Sketch.IEC 27001

ISO 27001

Censia is ISO 27001:13 certified. Censia has established and maintains a company-wide information security management system per the requirements of ISO 27001 and the AICPA Trust Services Principles, including security policies, standards, and procedures.

SAP Endorsed Application

Censia is an SAP Endorsed Application Partner. Censia’s Talent Intelligence Platform has undergone extensive certification testing exclusive to SAP Endorsed Apps. Certification includes in-depth technical quality checks to provide the highest quality and security assurance and confirm that it integrates seamlessly with SAP solutions.

Top Security and Privacy Features

Data Protection in the Cloud

Data Protection in the Cloud

Censia only uses the best-in-class service providers to ensure information safety. Censia’s services run on Amazon Web Services (AWS), which is physically secure, employs modern software security techniques, and is trusted by hundreds of thousands of businesses globally.

Secure APIs

Secure APIs

Censia protects information as it’s being transmitted between systems and integrates seamlessly with existing platform systems (ATS, CRM, HRIS) without compromising data security. Communication through HRIS partner APIs is HTTPS encrypted using TLS 1.2. Connections are encrypted and authenticated using AES-256 bit encryption. The U.S. government uses the Advanced Encryption Standard (AES) to protect classified information and software companies to protect sensitive data.

Data Encryption

Data Encryption

Censia encrypts user data to ensure privacy. In addition to encrypting API traffic to and from HRIS systems, Censia encrypts other sensitive company data shared with it. We use the Key Management Service (KMS) through AWS to control and separate encryption keys. KMS employs Hardware Security Modules (HSMs) to protect the security of keys. All data is encrypted at rest and in transit between nodes, ensuring complete data privacy.​

Password Hashing

Password Hashing

Censia never views or stores user passwords and utilizes a one-way cryptographic hashing algorithm to protect your privacy.

Secure Access Protection

Strong Access Protection

Censia protects customer data from other customers using rigorous access controls that restrict customers to their data only. Personally identifiable information from your applicants and other sensitive data will never be available to other customers.​

Vulnerability Testing

Vulnerability Testing

Censia has partnered with a reputable, global information assurance specialist, 24x7, to perform objective, third-party security audits annually. Vulnerability scans are performed at both the network and application levels. The testing methods test our compliance with both WASC (Web Application Security Consortium) and OWASP (Open Web Application Security Project) standards.

Disaster Recovery

Disaster Recovery

Censia stores data in an AWS Aurora, which is natively resilient and ensures that Censia remains fully operational in case of a disaster. In case of an infrastructure failure, AWS Aurora performs an automatic failover process, ensuring minimal downtime and maximum reliability.

Security Training for your Team

Security Training for your Team

Censia understands that most HR teams are not seasoned security experts and has a rigorous onboarding and user training process that ensures each user understands and uses the best security practices.

Censia Personnel

Censia Personnel

All Censia staff undergoes regular and extensive security training to ensure that all data is handled correctly. Censia employees with access to sensitive customer data can only access information on a need-to-know basis for troubleshooting purposes and are required to adhere to strict privacy guidelines. For access to our production systems, all engineers use multi-factor authentication and are restricted by IP location – a process that is tracked and audited. Customer data is never copied locally onto employee computers. Additionally, all new employees are subject to a pre-employment background check to verify identity, references, criminal history, etc. As part of their onboarding, all Censia engineers use an Information Security Management System (ISMS), which minimizes risk and ensures business continuity by preventing unauthorized access to data and limiting the impact in the unlikely event of a security breach.​