Security

GDPR

Censia is compliant with European Union General Data Protection Regulations (GDPR) and supports customers’ compliance programs. Learn more here.

CALIFORNIA CONSUMER PRIVACY ACT (CCPA)

Censia complies with all CCPA requirements and regulations and is CCPA Compliant. The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of California.

SAP ENDORSED APPLICATION

Censia is an SAP Endorsed Application Partner. Censia’s Talent Intelligence Platform has undergone extensive certification testing exclusive to SAP Endorsed Apps. Certification includes in-depth technical quality checks to provide the highest quality and security assurance and confirm that it integrates seamlessly with SAP solutions.

DATA ENCRYPTION

Censia encrypts user data to ensure privacy. In addition to encrypting API traffic to and from HRIS systems, Censia encrypts other sensitive company data shared with it. We use the Key Management Service (KMS) through AWS to control and separate encryption keys. KMS employs Hardware Security Modules (HSMs) to protect the security of keys. All data is encrypted at rest and in transit between nodes, ensuring complete data privacy.​

PASSWORD HASHING

Censia never views or stores user passwords and utilizes a one-way cryptographic hashing algorithm to protect your privacy.

STRONG ACCESS PROTECTION

Censia protects customer data from other customers using rigorous access controls that restrict customers to their data only. Personally identifiable information from your applicants and other sensitive data will never be available to other customers.​

VULNERABILITY TESTING

Censia has partnered with a reputable, global information assurance specialist, 24×7, to perform objective, third-party security audits annually. Vulnerability scans are performed at both the network and application levels. The testing methods test our compliance with both WASC (Web Application Security Consortium) and OWASP (Open Web Application Security Project) standards.

DISASTER RECOVERY

Censia stores data in an AWS Aurora, which is natively resilient and ensures that Censia remains fully operational in case of a disaster. In case of an infrastructure failure, AWS Aurora performs an automatic failover process, ensuring minimal downtime and maximum reliability.

SECURITY TRAINING FOR YOUR TEAM

Censia understands that most HR teams are not seasoned security experts and has a rigorous onboarding and user training process that ensures each user understands and uses the best security practices.

CENSIA PERSONNEL

All Censia staff undergoes regular and extensive security training to ensure that all data is handled correctly. Censia employees with access to sensitive customer data can only access information on a need-to-know basis for troubleshooting purposes and are required to adhere to strict privacy guidelines. For access to our production systems, all engineers use multi-factor authentication and are restricted by IP location – a process that is tracked and audited. Customer data is never copied locally onto employee computers. Additionally, all new employees are subject to a pre-employment background check to verify identity, references, criminal history, etc. As part of their onboarding, all Censia engineers use an Information Security Management System (ISMS), which minimizes risk and ensures business continuity by preventing unauthorized access to data and limiting the impact in the unlikely event of a security breach.​