Workable takes information security seriously. We do this to protect your organization and the information of every candidate applying to work with you.
Our platform is robust and secure: however large or small your candidate database is, we’ve got the controls in place to securely manage your most valuable asset, your candidates’ confidential data.
We aim to be clear and open about our security measures. We comply with the highest globally recognized security standards. Workable is certified with:
- ISO 27001: Information Security Management System (ISMS)
- ISO 27017: Security Controls for the Provision and Use of Cloud Services
- SOC 2 Type II: Security, Availability, and Confidentiality Principles (to receive a copy of the SOC 2 report, please contact your Account Manager)
- SOC 3
Workable is also a GDPR-compliant partner. Companies collecting and processing EU data can manage and maintain GDPR compliance using our tools and features.
In Workable:
- Your data is encrypted in transit using security best practices
- Your data is safe as we provide disaster recovery and incident management/response
- In addition to the security components provided by our top-level cloud providers (Google and AWS), we maintain a dedicated web application firewall and provide an additional level of security with single sign-on (SSO)
- We maintain extensive security logs, which are analyzed for security events and abnormalities
- We invest in technical security assessments performed by 3rd-party audit experts
- We hold internal red teaming activities
- Our employees are continuously trained on privacy and security matters
Over the years, Workable has taken many steps to build its internal compliance and to align the product with privacy laws, such as the General Data Protection Regulation (GDPR and UK GDPR), the California Consumer Protection Act (CCPA), the California Privacy Rights Act (CPRA) and relevant decisions of supervisory authorities, so that Workable stays compliant and also offers a compliant product to its customers.
Workable implements privacy by design and by default in various ways. We have built a GDPR feature that allows customers subject to the GDPR to manage compliance requirements directly from the Workable platform. For example, through the candidate’s profile, the customer can exercise the candidate’s rights to correct their information, delete their profile, and access their information.
Our customers can obtain candidate consent by default through a check box on every Workable-generated application form. We also assist our customers in adhering to the data minimization principle by embedding retention periods that trigger the automatic deletion of candidates once the retention period has expired. We also equip customers with transparency tools; for example, we provide a Template Recruitment Privacy Policy to help customers draft or adjust their Privacy Policy.
Internally, Workable also takes measures to comply with the GDPR. We have appointed a Data Protection Officer and set up procedures to handle data subjects’ requests in a timely manner. We maintain an updated record of all data processing activities and have dedicated systems and processes in place to ensure compliance, such as an Incident Management Process, a Retention and Disposal Policy, and a Business Continuity Process.
👉 Find more details on Workable's security practices.