The Workable security and performance promise ensures that you have stable access to the tools you need, and stay data compliant.
Workable is robust and secure; the security and performance of Workable is our number one priority. Customers use our software with confidence that the highest standards and best practices are maintained.
Workable is deployed on Heroku and Amazon Web Services (AWS). Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes AWS technology.
AWS’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
SSL & Encryption
All traffic between our clients and the Workable servers is SSL encrypted. SSL certificates are created by using RSA and DSA based ciphers. We adhere to the recommended security policies provided by Amazon ELB. We also use an HSTS policy to protect Workable against protocol downgrade attacks and cookie hijacking.
Workable is ISO 27001 certified. Our recruiting software and operating environment meet the highest worldwide security and data protection standards. Independent accreditation is measured through regular audits. Internally, ongoing cyber-security training reinforces the robust protection provided by our software and systems.
Backup process & data retention policy
If production facilities at Heroku’s primary data centers are rendered unavailable, Heroku will use disaster recovery facilities geographically remote from their primary locations.
Workable also has a hot-standby follower database should the primary database be inaccessible for any reason.
Authorized Workable employees are given access only to the resources that are required for their role, following the principle of least privilege. Authentication to access these resources is always password-based, and login credentials are always transmitted encrypted, over HTTPS.
Credit card data
Credit card information is encrypted on the client using our payment gateway, Braintree. Workable does not store credit card data. All credit card information is stored on Braintree, which is a validated Level 1 PCI DSS Compliant Service Provider.
External security testing
We work with HackerOne to test Workable for vulnerabilities and ensure any faults are identified as quickly as possible.
3rd Party Access to Data
Your data is safe with Workable; we don’t sell data to 3rd parties.
We guarantee 99.8% uptime (excluding scheduled maintenance).
We are continuously updating Workable to provide an excellent product and experience for our users. Most updates take place with no downtime at all. In cases where some downtime is required, we keep it to an absolute minimum, typically between 10 and 20 minutes. Any scheduled downtime is announced at least one business day in advance and is scheduled during off-peak hours, typically Sunday evenings. All incidents and scheduled downtime are announced on our Status Page, where users can subscribe for live email or SMS updates.
EU Data Protection
Companies in the EU can use Workable with confidence. Workable adheres to all the necessary data protection regulations. Now that Safe Harbor has been declared invalid by the ECJ, we’ve implemented model clauses between our UK subsidiary and US subsidiary. Furthermore, the AWS Data Processing Agreement includes the model clauses.
Workable is a GDPR compliant partner, with tools and features that will help your organization towards its own GDPR compliance.
Single sign-on (SSO)
Functioning alongside your existing recruiting workflow, our single sign-on (SSO) feature provides an extra level of security. Once activated, use your chosen one-step authentication method to log into Workable and access your data. Workable integrates with SSO services that support SAML (Security Assertion Markup Language).
Some of the providers we integrate with include:
- Microsoft Azure Active Directory
- Google Apps