Maintaining the security of your data is our priority
Our recruitment software is used to store and process personal and sensitive information on behalf of millions of candidates. As a business we have invested heavily in ensuring we have the right team to achieve and maintain the highest level of security of your data.
Our Information Security Management team are supported not only by our own team of developers, software testers, Certified GDPR practitioners and our Data Protection Officer but also independent security experts who continually monitor and help to improve security and protect your data.
networx have been a G Cloud Approved Supplier of Software for a number
The G-Cloud Digital Marketplace is the online platform that all public sector organisations can use to find and buy cloud-based services.
ISO 270001: 2017 Certified
As an organisation, networx have undergone the rigorous exercise to become ISO 27001:2017 compliant.
This means that not only do we have the right processes and policies in place to manage security risks efficiently but clients and candidates can be confident that these processes and policies have been fully assessed and meet the high quality standards required to
networx are registered as an approved supplier on the FSQS. FSQS is a supplier qualification system for the financial sector that objectively assesses potential vendor risks, proportionally to products and services being provided and across areas of compliance.
Data is held in the cloud by global hosting provider, Rackspace who offer one of the most secure hosting services available and provide access to your data 24/7/365. Their EU data centre is located in Heathrow, UK.
In addition Rackspace constantly monitor our network traffic and notify us immediately by text and email to alert us of any suspicious activity/ anomalies via their active 24/7 monitoring and Alerts service. Rackspace are also SOC-1
and ISO 27001 accredited.
Data Backup/Data Recovery
We run multiple database servers. Should a server have any kind of failure our infrastructure will automatically and seamlessly switch to another server to ensure there is no interruption to the service. We perform daily backups which are retained for a two week period to allow us to recover data should the need arise.
Data is protected through encryption both ‘in transit’ and ‘at rest’. Encryption of data ‘in transit’ stops anyone being able to access, intercept, read, copy or duplicate files as they are being sent. Highly sensitive information such as bank details can also be encrypted ’at rest’ to ensure that should the data ever be stolen, it cannot be accessed or viewed.
To further protect any personal or sensitive information collected from or about the candidate, all data captured from candidate’s is pseudonymised to make it difficult to associate the information stored with the candidate’s account should it be accessed by unauthorised individuals.
Access to Data
Access to client data for networx employees is assigned by need. Client user access is controlled according to each clients requirements. User access rights can only be changed following a request from authorised personnel.
Predefined lists of authorised email domains prevent data from being sent to anyone outside of your organisation either by mistake or intentionally.
Option to remove the print functionality, removes the ability for users to create hard copies of candidate data and the associated security issues.
We employ an independent provider to conduct regular Penetration Testing across our software. This is essentially a controlled form of hacking which allows us to identify any weaknesses before anyone else does. Our software is fully penetration tested and validated on an annual basis by SEC-1.
Sec-1 uses a blend of methodologies taken from industry best practice standards such as the Open Source Security Testing Methodology Manual (OSSTMM), the Open Web Application Security Project (OWASP) and the Council of Registered Ethical Security Testers (CREST). Annual independent penetration tests are run in September/October each year. We perform our own penetration tests using an automated tool provided by SEC-1 every month. Reliability and functional user testing is also incorporated.
All development work is handled internally within our technical team at our Head Office in Otley. We run a formalised 3 monthly development cycle and all developments are subject to rigorous testing processes before being released.