Updated: 5th February, 2019
In an effort to align recruitment operations with international and national regulations, Manatal offers a wide range of tools and features that support local compliance with regulations such as GDPR, CCPA, PDPA, and others. Some of these features include:
For more in-depth content on how Manatal supports compliance with specific regulations, please refer to the following dedicated pages:
For any custom compliance requirements, please contact our support team.
Information has always been the cornerstone of continued success. Moreso in our digital world than it ever was before, data has become a wealth one must protect. In addition, data in recruitment is of paramount importance, as it can reveal a lot of confidential information about your organization, or your applicants. Therefore, your data’s security is our first priority. That is why we have worked very hard to equip Manatal with security measures that protect your data and ensure that access is only granted to authorized users: Keeping our customers’ data secure is our top priority at Manatal, and we go to considerable lengths to ensure that all data sent through our software is handled securely – keeping the platform and the information on it secure is fundamental to our business.
Manatal’s computing infrastructure is provided by Amazon Web Services, a secure cloud services platform. Amazon’s physical infrastructure has been accredited under ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley. With the platform’s security in mind, we have architected a secure multi-tier network environment on top of our Amazon’s infrastructure to ensure that any applications or data contained within are protected and always accessible. Access to our infrastructure is tightly controlled and monitored. In addition to strong security controls, Manatal ensures that the data it collects remains available through full daily backups, retained for 30 days and tested weekly. Manatal services have been built with disaster recovery in mind.
All payment instrument processing is outsourced to Stripe. Manatal does not store your payment details and has no access to your payment information. Stripe has been audited by a PCI-certified auditor and is a certified Level 1 PCI Service Provider. This is the most stringent level of certification available in the payment industry. Your billing information will, therefore, be always secure.
We employ secure coding practices and ensure that we are at the very least protected against the OWASP Top 10 Security Risks. All of the Manatal applications undergo frequent white-box security assessments to catch any security bugs we may have missed. We have two-factor authentication (2FA) processes in place and strong password policies on GitHub, Heroku, and AWS to ensure access to cloud services is protected. The communication between your employees and our servers is encrypted with SSL encryption. All user passwords are securely hashed; passwords are never stored in plain text. All data access is protected by a role-based access-control mechanism, which only lets users view data for which they have permission. It’s impossible for users to view data from organizations other than their own.
Our staff is well trained and prepared to act quickly and efficiently in the case of a security incident. When such an incident occurs, our prevention tools immediately warn our tech teams, who will, in turn, be able to solve the issue without delay. After each incident, the protocol is updated, so that our response and intervention can be quicker next time.
Only key authorized personnel in Manatal can access your data. In order to protect your privacy, these individuals have signed a contract and agreed to never use or share the information. They access your data only when needed and strictly after receiving your authorization. With the exception of specific demands made by yourself or your company, our staff will never sell, share or retain the data for themselves. You will always be informed if your data is needed for specific tasks or activities, and permission to access it is yours to rescind. You can ask us at any given time for a report of who accessed your data, when and why.
Moreover, as our objective is to always improve our security, we periodically update our security measures. If you have a question, please do not hesitate to contact us at firstname.lastname@example.org.