Secure and scalable

The Workable security and performance promise ensures that you have stable access to the tools you need, and stay data compliant.

Workable is robust and secure; the security and performance of Workable is our number one priority. Customers use our software with confidence that the highest standards and best practices are maintained.

Workable is deployed on Heroku and Amazon Web Services (AWS). Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes AWS technology.

AWS’s data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)


SSL & Encryption

All traffic between our clients and the Workable servers is SSL encrypted. SSL certificates are created using RSA- and DSA-based ciphers. We adhere to the recommended security policies provided by Amazon ELB. We also use an HSTS policy to protect Workable against protocol downgrade attacks and cookie hijacking.

ISO 27001:2013

Workable is ISO 27001 certified. Our recruiting software and operating environment meet the highest worldwide security and data protection standards. Independent accreditation is measured through regular audits. Internally, ongoing cyber-security training reinforces the robust protection provided by our software and systems.


Backup process & data retention policy

Heroku automates the backup process and maintains a transaction log of the last 7 days. Workable keeps full daily backups of data for the last 50 days.
Heroku: Data safety and continuous protection

Disaster Recovery

If production facilities at Heroku’s primary data centers are rendered unavailable, Heroku will use disaster recovery facilities geographically remote from their primary locations.

Workable also has a hot-standby follower database should the primary database be inaccessible for any reason.

Access control

Authorized Workable employees are given access only to the resources that are required for their role, following the principle of least privilege. Authentication to access these resources is always password-based, and login credentials are always transmitted encrypted, over HTTPS.

Credit card data

Credit card information is encrypted on the client using our payment gateway, Braintree. Workable does not store credit card data. All credit card information is stored on Braintree, which is a validated Level 1 PCI DSS Compliant Service Provider.

External security testing

We work with HackerOne to test Workable for vulnerabilities and ensure any faults are identified as quickly as possible.

3rd Party Access to Data

Your data is safe with Workable; we don’t sell data to 3rd parties.


We guarantee 99.8% uptime (excluding scheduled maintenance).

Scheduled Maintenance

We are continuously updating Workable to provide an excellent product and experience for our users. Most updates take place with no downtime at all. In cases where some downtime is required, we keep it to an absolute minimum, typically between 10 and 20 minutes. Any scheduled downtime is announced at least one business day in advance and is scheduled during off-peak hours, typically Sunday evenings. All incidents and scheduled downtime are announced on our Status Page, where users can subscribe for live email or SMS updates.

EU Data Protection

Companies in the EU can use Workable with confidence. Workable adheres to all the necessary data protection regulations. Now that Safe Harbor has been declared invalid by the ECJ, we’ve implemented model clauses between our UK subsidiary and US subsidiary. Furthermore, the AWS Data Processing Agreement includes the model clauses.

Workable is a GDPR-compliant partner, with tools and features that will help your organization towards its own GDPR compliance.

Single sign-on (SSO)

Functioning alongside your existing recruiting workflow, our single sign-on (SSO) feature provides an extra level of security. Once activated, use your chosen one-step authentication method to log into Workable and access your data. Workable integrates with SSO services that support SAML (Security Assertion Markup Language).

Some of the providers we integrate with include:
  • OneLogin
  • Okta
  • Microsoft Azure Active Directory
  • Google Apps
  • Centrify
  • Auth0
  • PingFederate
