HiredScore only leverages secure Third Party Vendors when required to provide services to Clients. See below for information on all vendor providers used by HiredScore, including purpose, description, and information security certifications and qualifications:
1. Amazon Web Services (AWS):
used for cloud computing services. HiredScore uses the following AWS services: EC2 for cloud services, EBS for cloud storage block devices, S3 for cloud shared file storage, RDS for cloud SQL databases, IAM for user access management, ECS for cloud container services. AWS and its services are compliant with multiple certifications, including: HIPAA, SOC 1/SSAE 16/ISAE 3402 (formerly SAS70), SOC 2, SOC 3, PCI DSS Level 1, ISO 27001, FedRAMP(SM), DIACAP and FISMA, ITAR, FIPS 140-2, CSA, MPAA, US-EU Safe Harbor. AWS hosts all services in secure and guarded centers, with all services partitioned per user and actively monitored to prevent unauthorized access to hosted systems;
2. Avanan, Inc.:
used as a protection layer on top of HiredScore mail server, to scan inbound, outbound, and internal emails and catch threats as early as possible. Avanan is a SOC2 Type II compliant service with strict protocols regarding GDPR Compliance.
3. Atlassian Pty Ltd:
used for project and issue tracking as well as document collaboration to enable knowledge management (Jira and Confluence Cloud). Atlassian ensures the highest level of security with several key certifications including: ISO27001, ISO27002, ISO27018, PCI-DSS, CSA CCM, SOC2 Type II, SOC3, and SOX 404 (IT).
4. Box:
used to store select client data in a secure, encrypted, monitored and strictly authorized way and share select client information between need-to-know personnel of HiredScore only. Box is a top-of-the-line secure data sync provider that is compliant with strict protocols and controls, including SOC 1 (SSAE16) Type II, SOC 2 Type II, SOC 3, HIPAA and HITECH.
5. Mailgun:
used to transport select application information between client’s ATS and HiredScore’s secure system. The information is transferred over secure email to Mailgun and over SSL to HiredScore’s environment. Mailgun does not store or mine the contents of emails sent and received through Mailgun, except when necessary to facilitate email sending services.
6. Google Cloud Platform:
used to store non-personally identifiable data for metrics purposes, including solution ROI, impact, and KPI in a secure, encrypted, monitored, and strictly authorized way. Google Cloud Platform has received the following security certifications and continues with annual audits for the following standards: SSAE16/ISAE 3402, ISO 27001, ISO 27017, ISO 27018, PCI DSS v3.1, HIPAA. Google data centers feature a layered security model, including safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics. All datacenter floor’s feature laser beam intrusion detection.
7. Intercom:
used as an in-application messaging platform that allows HiredScore’s account management team to interact with and assist users of the solutions as a part of their ongoing support and to troubleshoot issues. Data that may pass through Intercom is information relating to or used to provide user assistance, support requests and announcements of new features and does not include any PII or sensitive information. Intercom received the following security certifications and receives annual audits for the following standards: SSAE16/ISAE 3402/SOC 2 Type II, CSA.
8. Mixpanel:
used for tracking and event analysis to support customers using HiredScore’s products and inform the HiredScore team for product use, impact and adoption trends. Data that may pass through Mixpanel relates to licensed users and client personnel using HiredScore, which typically includes actions taken on the HiredScore product such as clicks and navigation between screens and does not include any PII or sensitive candidate information. No form and/or textual data input by users is collected and users are identified by randomly generated IDs only. Mixpanel received the following security certifications and receives annual audits for the following security standards: SOC 2 Type II, ISO 27001 Data Center, GDPR and enables companies to maintain PCI DSS and HIPAA compliance.
9. Salesforce.com (including Slack Technologies, Inc.):
used for customer relationship management. This consists mainly in storing customer and prospect data and providing marketing, billing and other services. Salesforce is a well-known cloud-based software company that applies strict security protocols regarding GDPR compliance. Salesforce security certifications include SOC 1 Type II, SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018, HIPAA, and FedRamp (Moderate and High), and NSIT SP 800-171.
10. HiredEdu Ltd.:
Is HiredScore Inc’s R&D and operations subsidiary in Israel. HiredEdu is actively involved in the day to day operations of providing the HiredScore platform and service and in providing technical support to the client. HiredEdu is equally covered by HiredScore’s SOC 2 Type II audits.
Source:
https://www.hiredscore.com/third-party-list