Security of the CareerPlug system

How secure is CareerPlug?

The short answer: very.

The long answer: CareerPlug employs procedural and technological measures to protect our clients’ personally identifiable information. These measures are reasonably designed to help protect clients’ personally identifiable information from loss, unauthorized access, disclosure, alteration, or destruction. CareerPlug may use software, Transport Layer Security (TLS) encryption, password protection, firewalls, internal restrictions, and other security measures to help prevent unauthorized access to clients’ personally identifiable information.

CareerPlug’s data is stored by Amazon Web Services, a leading provider of cloud storage that has many policies in place for data security (see some below). CareerPlug does not store any credit card information on our internal systems or network. Instead, we use Chargify.com to process client credit card information. Here is more information on Chargify’s security policies.

AWS is one of the leading providers of cloud storage and has many policies in place to ensure data security.

Here are some of them:

  • AWS has and exercises a process to maintain current patch levels of software running on their systems.
  • AWS uses anti-malware controls on their servers.
  • AWS practices effective electronic data destruction procedures when their hardware is recycled for repair or removed for disposal (all client data stored on AWS servers is destroyed per NIST/DoD protocols).
  • Data is purged from AWS services 60 days after an account terminates its agreement with CareerPlug. No data is deleted until this time unless specifically requested by the client.
  • AWS has regular information security audits/evaluations and tests and evaluations of key security controls.
  • AWS conducts penetration tests annually in order to test its software for security vulnerabilities.
  • AWS runs criminal background checks on all of its employees and provides extensive training on data security for new and current employees.
  • AWS requires SSH (Secure Shell or Secure Socket Shell) to be used to remotely access data.
  • In the rare case of a security incident, complete system failure, or destruction of data, AWS has a process in place to recover CareerPlug clients’ data.

CareerPlug takes many precautions to ensure the security of our clients’ data.

Here is a list of some of the main security precautions we take:

  • CareerPlug has a set of security policies and requires all new hires, contractors, and temporary workers to undergo training on our privacy and security policies.
  • CareerPlug applications are monitored 24x7 for security breaches or other unusual system activity.
  • CareerPlug maintains and actively reviews system logs and web server access for anomalies that could indicate a compromise.
  • CareerPlug uses anti-virus software on workstations, laptops, servers, and email gateways.
  • CareerPlug uses wireless encryption on internal networks to ensure the safety of internal company information and accounts.
  • CareerPlug requires strong passwords: Passwords must be at least 8 characters long and include an uppercase letter, a lowercase letter, a symbol, and a number.
  • CareerPlug passwords expire periodically to require resetting of passwords.
  • CareerPlug locks all accounts after 5 consecutive failed login attempts.
  • CareerPlug requires that passwords and other confidential or sensitive information be encrypted both in transit and in storage.
  • CareerPlug contracts with external partners to conduct independent vulnerability tests on our software applications annually. Tests like these proactively flag any potential security threats so that they can be resolved. The results of these security audits are available to share with clients upon request.
  • Risk assessments are performed and documented on a regular basis or whenever the system, facilities, or other conditions change.
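
The two account-security rules stated above (passwords of at least 8 characters with an uppercase letter, a lowercase letter, a symbol, and a number; lockout after 5 consecutive failed logins) as an added, illustrative implementation; this is not CareerPlug's code, and the function and class names are assumptions:

```python
import re
from dataclasses import dataclass

MIN_LENGTH = 8           # minimum password length stated in the policy
MAX_FAILED_ATTEMPTS = 5  # consecutive failures that lock the account

# Each rule pairs a description with a predicate; a compliant password satisfies all of them.
PASSWORD_RULES = [
    ("at least 8 characters", lambda p: len(p) >= MIN_LENGTH),
    ("an uppercase letter", lambda p: re.search(r"[A-Z]", p) is not None),
    ("a lowercase letter", lambda p: re.search(r"[a-z]", p) is not None),
    ("a number", lambda p: re.search(r"[0-9]", p) is not None),
    ("a symbol", lambda p: re.search(r"[^A-Za-z0-9]", p) is not None),
]


def password_violations(password: str) -> list:
    """Return the descriptions of every rule the password fails (empty when compliant)."""
    return [desc for desc, ok in PASSWORD_RULES if not ok(password)]


@dataclass
class AccountLockout:
    """Hypothetical per-account counter: locks after MAX_FAILED_ATTEMPTS consecutive failures.

    A successful login resets the counter, so only *consecutive* failures count,
    matching the wording of the policy above. Once locked, every attempt is refused
    until an out-of-band unlock (not modelled here) clears the flag.
    """
    failed_attempts: int = 0
    locked: bool = False

    def record_login(self, success: bool) -> str:
        if self.locked:
            return "locked"
        if success:
            self.failed_attempts = 0
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.locked = True
            return "locked"
        return "failed"
```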

Security measures CareerPlug takes specifically for confidential or sensitive information (such as Onboarding documents):

  • Access to our application is restricted to encrypted channels (i.e., HTTPS).
  • Sensitive or confidential information is encrypted in transit and at rest.
  • We use industry-standard encryption algorithms with 256-bit keys (AES-256).
  • We use network encryption when transporting sensitive information over open networks.
  • We employ methods to securely destroy or dispose of confidential or sensitive data.
  • We have a process in place to evaluate and prioritize system vulnerabilities.

In the rare case of a security incident (we have never had such an incident since CareerPlug was founded in 2007), there is a plan in place:

  • The security incident will be documented and reported.
  • Customers will be notified.
  • The incident will be monitored and tracked until resolved.

Payment processing

  • CareerPlug uses a third-party service, Chargify, to process client credit cards.
  • Client credit card information is transmitted to Chargify using industry-standard encryption.
  • CareerPlug does not store any credit card information on our internal systems or network.

System downtime

  • Source code audits are performed regularly.
  • Day-to-day changes to CareerPlug’s software are made in a continuous deployment environment. Full access to the system is available during all routine changes.
  • CareerPlug will notify clients at least one week in advance of any extraordinary changes to the system that require downtime. These maintenance windows, when needed, take place outside of normal business hours.
  • In the event of an unplanned system outage, customers will be notified of the outage and its expected resolution time on our system status page: status.careerplug.com