Workable takes information security seriously. We do this to protect your organization and the information of every candidate applying to work with you.
Our platform is robust and secure - however large or small your candidate database is, we’ve got the controls in place to securely manage your most valuable asset: Your candidates’ confidential data.
We thoroughly follow industry standards and our own best practices. Workable is ISO 27001:2013 certified, ISO 27017:2015 certified, and SOC 2 type 1 certified, which means we meet the highest worldwide security standards. We aim to be as clear and open as possible about our security measures.
Workable is a GDPR-compliant partner. Companies collecting and processing EU data can manage and maintain GDPR compliance using our tools and features.
In Workable:
- Your data is encrypted in transit using security best practices
- Your data is protected by disaster recovery and by incident management and response processes
- In addition to the security components provided by our top-level cloud providers (Google and AWS), we maintain a dedicated web application firewall and provide an additional level of security with single sign-on (SSO)
- We maintain extensive security logs which are analyzed for security events and abnormalities
- We invest in technical security assessments performed by third-party audit experts
- We hold internal red teaming activities
- Our employees are continuously trained on privacy and security matters
Over the years, Workable has taken many steps to build its internal compliance and to align the product with privacy laws, such as the General Data Protection Regulation (GDPR and UK GDPR), the California Consumer Protection Act (CCPA), the California Privacy Rights Act (CPRA) and relevant decisions of supervisory authorities. This ensures that Workable itself stays compliant while also offering a compliant product to its Customers.
Workable implements privacy by design and by default in various ways. We have built a GDPR feature that allows customers subject to the GDPR to manage compliance requirements directly from the Workable platform. For example, through the candidate’s profile, the customer can exercise the candidate’s rights to correct their information, to delete their profile, and to access their information. Our customers can obtain candidate consent by default through a check box on every Workable-generated application form. We also help our customers adhere to the data minimization principle by embedding retention periods which trigger the automatic deletion of candidates once the retention period has expired. We also equip customers with transparency tools; for example, we provide a Template Recruitment Privacy Policy to help customers draft or adjust their Privacy Policy.
Internally, Workable also takes measures to comply with the GDPR. We have appointed a Data Protection Officer and set up procedures to handle data subjects’ requests in a timely manner. We maintain an up-to-date record of all data processing activities, and we have dedicated systems and processes in place to ensure compliance, such as an Incident Management Process, a Retention and Disposal Policy, and a Business Continuity Process.
Find more details on Workable's security practices.