At Entelo, respecting candidates’ rights is core to our values, and keeping compliance top of mind isn’t just the right thing to do for frameworks like the EU-U.S. Privacy Shield Framework. Protecting our data is the right thing to do for our customers, candidates and anyone Entelo does business with. Beyond GDPR compliance, there are some additional ways Entelo protects its data.
Entelo makes your data unreadable to those who shouldn’t be reading it. Entelo encrypts sensitive company data you share with us. All data is encrypted at rest and in transit between nodes, so you can be sure your data is secure. Entelo integrates seamlessly with applicant tracking systems (ATS), and communication through ATS partner APIs is encrypted over HTTPS using the TLS 1.2 protocol. The connection is encrypted and authenticated using AES 128-bit encryption. The Advanced Encryption Standard (AES) is used by the U.S. government to protect classified information and is also used commercially to protect sensitive data in software.
We can’t read your passwords – we never even see them. Entelo never stores user passwords in the clear. We utilize Bcrypt, an industry standard, for password hashing to make sure your password is for you and you alone.
We protect customer data from other customers. Choosing a recruiting platform without strong access protections in place can pose serious security risks. Entelo does not share your data with our other customers. Rigorous access controls restrict customers to their data only. Personally identifiable information from your applicants will never be available to others.
Don’t just take our word that our systems are secure. We don’t. Entelo has partnered with a reputable, global information assurance specialist, NCC Group, to perform objective, third-party security audits and penetration tests on an annual basis. The testing methods assure our compliance with the leading security standards groups.
We prepare for the worst, just in case. To remain fully operational in the case of a disaster, Entelo’s data is stored in physically distinct, independent infrastructures, uniquely designed to be highly reliable. In an emergency, you can be sure we will respond in a calm and quick manner. Entelo’s services run on Amazon Web Services (AWS), which is constantly monitored, highly automated, and highly available. Additionally, it meets many global security standards including ISO 27001, SOC, PCI, and FedRAMP.
Our staff is trained to handle your data correctly. Entelo employees with access to customer data can only access information on a need-to-know basis and are required to adhere to strict privacy guidelines. All employees undergo background checks and our engineers must take yearly security training. Additionally, we help our customers’ HR teams by providing security best practices and recommendations to all Entelo product users.
We’re serious about security. Entelo’s SOC 2 Report covers the AICPA’s Trust Services Principles and Criteria for security, availability, confidentiality, and privacy. The report also includes a mapping of the controls tested to ISO/IEC 27001:2013 Annex A / ISO/IEC 27002:2013, ISO/IEC 27017:2015, ISO/IEC 27018:2014, HIPAA security requirements, and FFIEC’s examination guidelines for GLBA Information Security. That's a whole lot of acronyms that mean commitment to security, confidentiality and privacy.
At Entelo, security is our constant focus and core to every decision we make, across all facets of the company. We are very proud of the Entelo security team for working diligently to put us at the forefront of industry security standards, while continuously looking ahead for ways to strengthen our practices and operations, in our products, in our internal operations, and through sharing our knowledge with customers.