Secure and scalable

The Workable security and performance promise ensures that you have stable access to the tools you need, and stay data compliant.

Workable is robust and secure; the security and performance of Workable is our number one priority. Customers use our software with confidence that the highest standards and best practices are maintained.

Workable is deployed on Heroku and Amazon Web Services (AWS). Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes AWS technology.

AWS’s data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402
    (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

SSL & Encryption

All traffic between our clients and the Workable servers is SSL encrypted. SSL certificates are created by using RSA and DSA based ciphers. We adhere to the recommended security policies provided by Amazon ELB. We also use an HSTS policy to protect Workable against protocol downgrade attacks and cookie hijacking.

Backup process & data retention policy

Heroku automates the backup process and maintains a transaction log of the last 7 days. Workable keeps full daily backups of data for the last 50 days.
Heroku: Data safety and continuous protection

Disaster Recovery

If production facilities at Heroku’s primary data centers are rendered unavailable, Heroku will use disaster recovery facilities geographically remote from their primary locations.

Workable also has a hot-standby follower database should the primary database be inaccessible for any reason.

Access control

Authorized Workable employees are given access only to the resources that are required for their role, following the principle of least privilege. Authentication to access these resources is always password-based and login credentials are always transmitted encrypted, over HTTPS.

Credit card data

Credit card information is encrypted on the client using our payment gateway, Braintree. Workable does not store credit card data. All credit card information is stored on Braintree, which is a validated Level 1 PCI DSS Compliant Service Provider.

External security testing

We work with BugCrowd to test Workable for vulnerabilities and ensure any faults are identified as quickly as possible. BugCrowd works with many other security-conscious companies like DropBox, Twilio and Pinterest.

3rd Party Access to Data

Your data is safe with Workable; we don’t sell data to 3rd parties.

Uptime

We guarantee 99.8% uptime.

Scheduled Maintenance

We are continuously updating Workable to provide an excellent product and experience for our users. Most updates take place with no downtime at all. In cases where some downtime is required, we keep it to an absolute minimum, typically between 10 and 20 minutes. Any scheduled downtime is announced at least one business day in advance and is scheduled during off-peak hours, typically Sunday evenings. All incidents and scheduled downtime are announced on our Status Page, where users can subscribe for live email or SMS updates.

EU Data Protection

Companies in the EU can use Workable with confidence. Workable adheres to all the necessary data protection regulations. Now that Safe Harbor has been declared invalid by the ECJ, we’ve implemented model clauses between our UK subsidiary and US subsidiary. Furthermore, the AWS Data Processing Agreement includes the model clauses. Read more about Workable and the EU Data Directive.
