Protecting Your Information

Our Commitment to You

At SeekOut, the security of our customers’ data and compliance with legal requirements are our top priorities. SeekOut is committed to earning and maintaining the trust of our customers. We design our software and business practices to protect customer data. SeekOut’s software platform and corporate policies & procedures are compliant with global standards and trusted by many Fortune 500 enterprises.

 

CLOUD SECURITY


SeekOut’s services run on Microsoft Azure, which is physically secure, employs modern software security techniques, and requires multi-factor authentication for access. The Azure cloud infrastructure has more certifications than any other cloud provider, including SOC 2, ISO/IEC, CSA/CCM, ITAR, CJIS, HIPAA and IRS 1075.

DATA ACCESS


Access to customer data is provided to SeekOut employees on a need-to-know basis. Specifically, SeekOut employees can only access customer data when necessary to investigate and resolve a customer issue and only after receiving approval from the customer to do so. The development team cannot access customer data for any other purpose and does not test SeekOut software with customer data. We review our access policies and access rights to our systems at least annually.

SECURITY FRAMEWORK


SeekOut employs a security management system based on the ISO27001 framework. This framework guides our approach to policy and procedures related to legal, physical, and technical controls for security.

CONFIDENTIALITY


All SeekOut team members are required to sign an agreement that protects the security and privacy of our customers.

DATA ENCRYPTION


All customer data is encrypted in transit and at rest. The SeekOut service can only be accessed by secure HTTPS connection and all customer data is encrypted using AES-256. The encryption keys are managed and rotated by Microsoft Azure.

PASSWORD HASHING


SeekOut never stores or transmits user passwords as plain text. We utilize a one-way, cryptographic hashing algorithm known as Bcrypt, an industry standard for password hashing.

BACKUP


All SeekOut data is backed up daily. Those backups are geographically distributed and can be recovered quickly. SeekOut has never lost any customer data.

PHYSICAL SECURITY


SeekOut is entirely hosted on Microsoft Azure servers which are architected to the highest security standards and SOC 2 Type 2 Certified.

SEEKOUT TEAM ACCESS CONTROL


SeekOut has a formal Access Control policy, which includes role-based access to all resources and a unique ID for each team member. In addition, we have standards and systems for role-based security, password strength & change frequency enforcement, and protections against brute force login attempts.

INCIDENT RESPONSE AND NOTIFICATION


We have never had a security breach. If we were to suffer a security breach or other event that compromises the integrity of customer data, we would notify all customers within 24 hours.

TRAINING


Every new SeekOut employee receives training on SeekOut’s Security, Confidentiality, and Data Protection policies and all employees receive updated security training at least annually.

NETWORK MONITORING AND PROTECTION


SeekOut monitors and responds to all security events, reviews firewall rules and monitors for attacks, including Denial of Service (DoS) attacks. We monitor service availability and performance.

PENETRATION TESTING


At least annually, a third party performs penetration testing of SeekOut’s cloud environment, web applications, and network configuration to detect any potential security vulnerabilities. We quickly remediate any issues discovered in penetration testing. Our last penetration test was conducted in December 2019.

DISASTER RECOVERY AND BUSINESS CONTINUITY


SeekOut has a business continuity and disaster recovery plan and tests the plan annually. Our data backup and recovery procedures support our business continuity plan.

AUTOMATED SECURITY ASSESSMENT


SeekOut uses Microsoft Azure Security Center to run daily automatic scans to assess our systems for vulnerabilities and configuration issues.

DATA PROTECTION OFFICER


SeekOut has an appointed Data Protection Officer who is responsible for documentation and implementation of our Data Protection policies and procedures.

SECURE APIS


We protect your information as it’s transmitted between systems. SeekOut integrates seamlessly with your applicant tracking system (ATS) without compromising the security of your data. Communication through ATS partner APIs is HTTPS encrypted using TLS 1.2. The connection is encrypted and authenticated using 128-bit AES encryption. The Advanced Encryption Standard (AES) is used by the U.S. government to protect classified information and is also used commercially to protect sensitive data in software.

SEEKOUT CUSTOMER ACCESS CONTROL


For customers who want unified access control, SeekOut supports SAML-based single sign-on provisioning systems.

GDPR


SeekOut is GDPR Compliant and US/EU Privacy Shield Certified. Learn more about SeekOut and GDPR.

CCPA


SeekOut is compliant with the 2020 California Consumer Privacy Act (CCPA).

EEO AND OFCCP COMPLIANCE


For customers who require Office of Federal Contract Compliance Programs (OFCCP) compliance monitoring, SeekOut can meet standards for OFCCP record keeping and reporting. SeekOut has many customers who are federal contractors. Learn more about SeekOut and OFCCP.

SOC 2


SeekOut is compliant with SOC 2. We are currently undergoing SOC 2 Type 2 certification and expect to receive certification in 2020.