At PCRecruiter, we regard security and availability as our most important goals. This commitment extends beyond our internal operations. We understand the crucial role secure and reliable partners play in your organization’s success. But how can you, as a customer, effectively assess potential vendors in terms of their security and availability posture?
Seek SOC 2 Compliance. This widely recognized independent audit assesses a service organization’s security controls and measures to safeguard customer data. SOC stands for System and Organization Controls. It refers to a framework developed by the American Institute of Certified Public Accountants (AICPA) for assessing the effectiveness of a service organization’s controls related to information security, privacy, and other operational risks.
Consider Additional Certifications. Depending on your industry and data sensitivity, additional certifications like ISO 27001 (Information Security Management) or PCI DSS (Payment Card Industry Data Security Standard) might be important factors.
Request access to the vendor’s security policy outlining their approach to protecting your data, who can access it and under what controls, and what their incident response plans entail. It’s important to understand what their communication protocols are in the case of a potential security incident.
Inquire about any third-party testing procedures they employ and learn how they address vulnerabilities found by these tests. It’s one thing for a vendor to claim their system is secure, but without outside auditing and testing, those claims may be hollow.
Ensure documented disaster recovery plans exist. These plans should outline what the vendor’s backup systems include and how the vendor would restore critical systems and data in case of an outage. You’ll also want to inquire about redundancy measures that guarantee application uptime during unforeseen circumstances.
Your PCRecruiter account is always available to you in a warm standby (read-only) mode, operating on a completely independent and geographically separated infrastructure, and continuously backed up to our current Recovery Point Objective. We call this our ‘snapshot’ feature. In the event of a loss of access to our primary service, snapshot can quickly be switched out of read-only mode and be promoted to primary service, and then reverted to backup mode as required.
A reputable vendor will openly discuss their security practices and be prepared to answer your questions about them. Look for vendors who prioritize transparency and actively communicate.
Main Sequence Technology is pleased to provide PCRecruiter users and prospective customers with this information, including documentation of our SOC 2 compliance. Your comfort level and ability to meet your own vendor assessment responsibilities to your customers and stakeholders are important parts of the value that working with our company provides.
Watch out for vendors who make big promises or seem overconfident. The fact is, absolute cybersecurity cannot be guaranteed by anyone for reasons such as:
While achieving absolute cybersecurity is an unreachable goal, carefully monitoring the threat landscape, deploying and effectively using reasonable controls, communicating transparently, and deploying skilled and objective third-party experts are what you should expect from your vendors, and what Main Sequence will provide as part of our service. Contact us with your questions.
Please note that this blog post is intended for informational purposes and should not be considered as expert security advice. Appropriate and commercially reasonable business operations regarding cybersecurity are highly dependent on conditions affecting each organization. Each organization should obtain professional services from accredited providers pertinent to their industry and the type of information processing being conducted. This blog post is not a warranty, representation of merchantability, or statement of fitness for any particular purpose regarding the service or other offerings of the company.