JobAdder Trust Centre

You own and control your data. We protect and defend it.

Our commitment to recruitment agencies, staffing firms and talent acquisition teams

To be transparent about our operations, policies and technologies
To ensure the security, compliance and privacy of your data
To support and empower the privacy decisions of every single user

Information security certifications

We’re proud that JobAdder has achieved internationally recognised ISO 27001:2013 certification. This standard demonstrates JobAdder’s commitment to global best practice, having implemented a robust approach to protect your data. JobAdder is audited regularly to maintain the certification status.

You can view our certification here.

We use Amazon Web Services (AWS) as our host operating system in the cloud. Security and compliance are therefore a shared responsibility between AWS and JobAdder. We’re responsible for securing your data, while AWS is responsible for securing the infrastructure that hosts it. Amazon’s data centre operations have been audited and certified under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • Federal Information Security Management Act – Moderate
  • Sarbanes-Oxley (SOX)

Data centre locations

High technical and physical security
Resilience to disasters and data loss
Energy efficiency and sustainability

Security controls

  • JobAdder uses Cloudflare for WAF (web application firewall) and DDoS (distributed denial-of-service) mitigations
  • AWS Network Load Balancer restricts access to only required ports/services
  • AWS security groups are utilised for network segmentation on a least access model
  • Application server operating systems hardened to provide only necessary ports, protocols, services and applications as part of the baseline standard build
  • CAIQ (Consensus Assessments Initiative Questionnaire) and pen-tests are available on request. To view JobAdder’s Penetration Test Policy, please click here
  • Web and application servers run on the latest version on a hardened Windows Server Linux AMI
  • Windows updates, hotfixes and service packs are applied promptly
  • Port blocking is set at the network setting level
  • RDP connection encryption level is set to high and only accessible via VPN connection
  • Unnecessary services are disabled
  • Windows Defender and CrowdStrike are enabled and set to be updated daily
  • Logs are shipped to New Relic for monitoring and alerting
  • For a full list of JobAdder’s Security FAQs, please click here
  • JobAdder is cloud-based to ensure data is securely encrypted and stored in AWS data centres 
  • Data can be restored from backup and regular backups take place nightly and weekly
  • In the case of any unforeseen incidents, Disaster Recovery and Business Continuity Plans are in place, as part of our ISO 27001 certification
  • JobAdder utilises AWS multiple Availability Zones (AZ) to remain resilient in the face of most failure modes
  • JobAdder has two AZs in each region and tests are conducted regularly to ensure different disaster scenarios are mapped and planned for

Account security

JobAdder has a Multi-Factor Authentication (MFA) feature, which requires two proofs of identity (JobAdder password and authenticator app code on the user’s mobile) to grant access to your JobAdder account.

Single Sign-On (SSO) is available for increased security. JobAdder integrates with a third-party SaaS product, Auth0, which supports a range of enterprise authentication mechanisms, including OpenID Connect (OIDC) and Security Assertion Markup Language (SAML).

Other protocols offered by Auth0 are available if required, including:

  • Google Workspace
  • Microsoft Azure AD
  • ADFS
  • Active Directory/LDAP
  • PingFederate

Platform compliance

GDPR and privacy compliance

General Data Protection Regulation (GDPR) plays a significant part in recruitment when it comes to collecting, handling and sharing candidate data.

With respect to candidate and client information that is stored in the JobAdder system:

You are the data controller and hold the direct relationship with your clients and candidates. You retain ownership of the client and candidate records that you store within your JobAdder account.

JobAdder, as the data processor, acts on your instructions when processing the candidate and client information stored in your JobAdder account.

GDPR compliance

JobAdder has a number of features to support your GDPR compliance:

  • Data processing opt-in policy: GDPR-compliant opt-in functionality on Job Application forms, with customisable text and data processing policy link
  • Pending candidates: Candidates are held in a ‘pending’ state until prerequisite requirements are met (e.g. send privacy notice)
  • Auto-delete pending candidates: Candidates that are still in a ‘pending’ state past the one-month grace period will be automatically deleted
  • Export records: Manually respond to subject access requests by exporting the candidate record
  • Candidate Portal: Automatically respond to subject access requests by sending candidates a link to their CareerUpdate profile
  • Email and SMS templates: Email and SMS templates can be configured to fulfil the rectification and right to erasure notification obligations

Read JobAdder’s GDPR Terms
Read JobAdder’s Privacy Policy

Subprocessors

JobAdder uses third-party subprocessors to assist in the service we provide. Read the full list of subprocessors here.

Performance

JobAdder is committed to providing high availability and is transparent with customers about this, which means you can visit our status page anytime to quickly see if the JobAdder platform, or any related services, are experiencing any degradation. You can also see our standard Service Level Agreement (SLA) here.

Vulnerability disclosure

JobAdder welcomes feedback from security researchers and the general public to help improve our security. If you believe you have discovered a vulnerability, privacy issue, exposed data, or other security issues in any of our assets, we want to hear from you. This policy outlines steps for reporting vulnerabilities to us, what we expect and what you can expect from us.
