Security

Security and Compliance

At Censia, the security of your data and your compliance with legal requirements is our top priority. Censia’s platform has robust security measures in place to safeguard the transmission and storage of the information you share with us.

Compliance

GDPR

The European Union’s General Data Protection Regulation (GDPR) took effect on May 25, 2018. It extends the reach of the European Union’s data protection laws and establishes many new requirements for organizations that fall under its scope. Censia is GDPR compliant; more information can be found here.

California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of California. The bill was passed by the California State Legislature and signed into law on June 28, 2018. The CCPA became effective on January 1, 2020. Censia complies with all CCPA requirements and regulations and is CCPA Compliant.

ISO 27001

Censia has established and maintains a company-wide information security management system per the requirements of ISO 27001 and the AICPA Trust Services Principles, including security policies, standards, and procedures. The standard sets forth a risk-based approach that focuses on adequate and proportionate security controls that protect information assets and give confidence to interested parties.

OFCCP

Censia helps companies simplify and strengthen OFCCP compliance. Please email info@censia.com for more information on how Censia Talent Intelligence can help companies ensure OFCCP compliance.

Certifications

EU-U.S. Privacy Shield

The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data. Censia is Certified under the EU-U.S. Privacy Shield framework and has committed to comply with the Framework’s requirements. This commitment is enforceable under U.S. law.

SAP Endorsed Application

As an SAP Endorsed Application Partner, Censia’s Talent Intelligence Platform has undergone premium certification testing that is exclusive to SAP Endorsed Apps and available by invite only. Certification includes in-depth technical quality checks to help provide the highest quality assurance, giving customers confidence that all high-priority security and privacy vulnerabilities have been removed and the app integrates smoothly with SAP solutions.

Top Security and Privacy Features

Data Protection in the Cloud

We rely on best-in-class secure service providers to ensure that your information is safe. Censia’s services run on Amazon Web Services (AWS), which is physically secure, employs modern software security techniques, and is trusted by hundreds of thousands of businesses globally.

Secure APIs

We protect your information as it’s being transmitted between systems. Censia integrates seamlessly with HRIS Platform systems (ATS, CRM, HRIS) without compromising the security of your data. Communication through HRIS partner APIs is HTTPS encrypted using TLS 1.2. Connections are encrypted and authenticated using 256-bit AES encryption. The Advanced Encryption Standard (AES) is used by the U.S. government to protect classified information and is also used commercially to protect sensitive data in software.

Data Encryption

We make your data unreadable to those who shouldn’t be reading it. In addition to encrypting API traffic to and from your HRIS systems, Censia encrypts other sensitive company data you share with us. We use the Key Management Service (KMS) through AWS to control and separate encryption keys used to encrypt your data. KMS employs Hardware Security Modules (HSMs) to protect the security of keys. Keys can never be exported from the service. All data is encrypted at rest and in transit between nodes, so you can be sure your information is secure.

Password Hashing

We don’t hold on to your passwords – we never even see them. Censia never stores user passwords. We utilize a one-way, cryptographic hashing algorithm.

Strong Access Protection

We protect customer data from other customers. Choosing a recruiting platform without strong access protections in place can pose serious security risks. Censia does not share your data with our other customers. Rigorous access controls restrict customers to their data only. Personally identifiable information from your applicants will never be available to others.

Vulnerability Testing

Don’t just take our word that our systems are secure. We don’t. Censia has partnered with a reputable, global information assurance specialist, 24x7, to perform objective, third-party security audits on an annual basis. Vulnerability scans are performed at both the network and application levels. The testing methods test our compliance with both WASC (Web Application Security Consortium) and OWASP (Open Web Application Security Project) standards.

Disaster Recovery

We prepare for the worst, just in case. So that we can become fully operational in the case of a disaster, Censia’s data is stored in AWS Aurora, which is natively resilient. In case of an infrastructure failure, it performs an automatic failover process, ensuring minimal downtime and maximum reliability.

Security Training for your Team

We help your team follow security best practices too. We know that the HR team members using Censia products are not seasoned security experts. As part of our customer onboarding process and user training, our customer success team provides underlying security best practices and recommendations to all Censia product users.

Censia Personnel

Our staff is trained to handle your data correctly. Censia employees with access to sensitive customer data can only access information on a need-to-know basis for troubleshooting purposes and are required to adhere to strict privacy guidelines. For access to our production systems, all engineers use multi-factor authentication and are restricted by IP location – a process we carefully track and audit. Customer data is never copied locally onto employee computers. Additionally, all new employees are subject to a pre-employment background check to verify identity, references, criminal history, etc. As part of their onboarding, all Censia engineers agree to an Information Security Management System (ISMS). The goal of an ISMS is to minimize risk and ensure business continuity by preventing unauthorized access to data and limiting the impact in the unlikely event of a security breach.