Talentprobe Security

At Talentprobe, our reputation rests on our ability to
provide all of our clients and candidates
with the highest form of security.


Why is Talentprobe Secure?

Ensuring the privacy and security of your data is a top priority for us. You can rest easy, knowing that we take every precaution to provide an online form service with high-grade security.

256 Bit SSL

All data are served across a protected 256-bit SSL (Secure Socket Layer) connection that uses a SHA256 Certificate. It is the industry standard protection.

Encrypted Submissions

Submissions are encrypted to ensure that data is transferred and stored in a secure format and that no one else can read it. Submissions are encrypted with high-grade RSA 2048 at the user’s computer, then transferred and stored securely on our servers.

PCI Certification

Talentprobe is PCI DSS Service Provider Level 1 compliant, the highest security attainment you can have as a business that collects payments from and integrates with credit cards.

NPC Compliance

Talentprobe is compliant with the Republic Act 10173 otherwise known as the Data Privacy Act regulated by the National Privacy Commission, which governs personal data collection.

SOC 2 Compliance

Talentprobe is committed to upholding all five SOC 2 Trust Service Principles: security, confidentiality, availability, privacy, and processing integrity by providing a SOC 2-compliant solution.

General Legal Compliance

At Talentprobe, we take compliance with all laws that are applicable to our business and our platform seriously, including laws that protect individuals’ privacy and data, and we have many measures, practices, and policies in place to ensure our compliance. See the compliance and privacy links on this web page for more information.

Spam Protection

In addition to the Captchas that are requested from time to time, we have implemented several other options to protect you from potential spammers.

Account Privacy

We limit who can access information and monitors all transactions to protect against unnecessary exposure of data. We require advanced password structures and mandate regular password resets to secure all information.


Other Measures We Take to Protect Your Data

When it comes to data security, high availability, or high performance, we go the extra mile all the time. We do our homework to keep our service secure.

Backup Policy / Business Continuity

We continuously replicate (back up in real-time) your data between multiple servers hosted by our primary service provider Google Cloud. Additionally, all data is also replicated to AWS (our secondary platform) by way of hourly snapshots. Each snapshot is stored for 30 days in the cloud environment.

Encouraging Best Coding Practices

In addition to implementing features that increase security, we maintain best practices on the back end to ensure that your account remains secure. We monitor sessions to restrict access to your account appropriately and have constructed Talentprobe in a way that every account is isolated.

We have put safeguards in place to detect common attacks, such as SQL injection and cross-site scripting. Most importantly, we actively review our code for potential security concerns (in addition to evaluating all user feedback) so that we can address any issues if they arise. Our privacy statement speaks to our level of commitment to ensuring your data is not misused.

All developed code is deployed to the production environment only after certain procedures including tests run on staging systems. Our continuous deployment system and development process allow us to rapidly update and patch our system whenever needed.

Security Audits

PCI scans are performed to detect any kind of vulnerability of the publicly-available interfaces regularly. Each quarter internal and external ASV (Approved Scanning Vendor) tests are performed for PCI. In addition to these PCI scans, Pen-tests are performed periodically for Talentprobe.

Network Security

We have an outside routing layer provided by CloudFlare that provides basic filtering to handle and manage any potential DDoS (denial of service) attacks. Security scans are performed periodically as described in the audits/VA/PT chapter. Our servers are configured to allow only the absolute minimum level of access needed to maintain them.

All unnecessary users, protocols, and ports are disabled and monitored. Our employees are able to access the servers only through a Virtual Private Network using a 2048-bit encrypted connection with private keys. In addition to 3rd-party security services, our experienced development operations team continuously monitors any suspicious behavior on the entire system.

Account Security

All account information is automatically encrypted when created. Only the approved respective clients and Talentprobe have access to your data and submissions.


Data Security Questions

How do you store uploaded files to my submissions?

Files uploaded to your submissions are assigned a very complex URL. Only people having this URL can download these files.

What are Talentprobeā€™s security (HTTPS / Encryption) standards?

By default, Talentprobe utilizes the TLSv1.2 connection standard on top of SHA256/RSA encryption for HTTPS. For encryption of submissions, Talentprobe uses 2048 Bit RSA Keys.

How do you prevent XSS and SQL injections?

We apply best practices to prevent such vulnerabilities, and we actively review our code for potential security concerns.

What do you use for security protection against malicious attacks?

We use CloudFlare for spam, phishing, and DDOS attack protection and OSSEC for intrusion detection and monitoring of our servers.

Who has access to the information gathered in our database at Talentprobe?

Our servers have restricted access by network and authentication level. On a network level, only a limited number of VPN entry-points are allowed, and the rest of the connection requests are completely blocked by our firewall. On an authentication level, only the Development Operations Team and our CTO and CEO have credentials to access these servers.

Do you conduct any internal or external vulnerability assessments or penetration testing?

Yes. In addition to internal and external PCI scans, pen tests are performed periodically for Talentprobe.

What is your companyā€™s password complexity policy?

We don’t have a password complexity policy. Passwords are encrypted with salt and SHA-256.

Does your company have an intrusion detection policy?

Talentprobe has HIDS (Host Intrusion Detection System) instances on the application servers and NIDS (Network Intrusion Detection System) instances in the development offices. Additionally, PCI intrusion detection policies are being applied, as defined by PCI requirements.

What type of due diligence is performed on employees of your organization?

All Talentprobe employees must pass a rigorous screening process at the time of hiring. Additionally, all employees must sign and are bound by a non-disclosure agreement (NDA).


Data Center Questions

What data security measures does your data center have? Are there any certificates available related to data security, data confidentiality, and secure transmission of data? Is your data center SOC 2 compliant?

All data centers where we host our servers have the highest level of compliance with security standards. Our primary platform is Google Cloud – it complies with SSAE16 / ISAE 3402 Type II, SOC1, SOC2, SOC3, ISO 27001, ISO 27017 (Cloud Security), ISO 27018 (Cloud Privacy), PCI DSS v3.2, and HIPAA. You can find more information about Google Cloud compliance atĀ https://cloud.google.com/security/compliance.

Our secondary Platform is Amazon Web Services(AWS) – it complies with SOC1, SOC2, SOC3, ISO 27001, ISO 27017 (Cloud Security), ISO 27018 (Cloud Privacy), PCI DSS Level 1, and HIPAA. You can find more information about AWS compliance atĀ https://aws.amazon.com/compliance/.Ā 

Do you have in-house servers?

Talentprobe uses Google Cloud and AWS for all our data center hosting needs and does not maintain any in-house servers.

Are your systems tested for security flaws?

Yes, our systems are regularly tested against external and internal threats.