Data Security
Talentpool is designed to ensure absolute protection of data and to guard against known vulnerabilities in areas such as sensitive data protection, input validation and more. Some of the mechanisms we use to safeguard your data are:
Data Security and Privacy
- Data Classification & Handling: Customer and candidate data is classified by sensitivity and handled accordingly. Access to confidential information is restricted and requires additional authentication layers.
- Retention & Deletion: Data is retained only for contractual and regulatory purposes. Secure deletion mechanisms ensure complete removal upon contract termination or request.
- Backup & Disaster Recovery: Encrypted backups are performed automatically and stored in geo-redundant AWS locations. Disaster recovery procedures are tested periodically to validate recovery timeframes.
- Access Controls: Database servers can only be accessed from whitelisted IP addresses. Network access is restricted to necessary ports through AWS Security Groups.
Incident Response and Business Continuity
Incident Management
- Response Plan: Incidents are logged via Helpdesk, escalated to the security team, and analyzed for root cause.
- Response Timelines:
  - P1 (Blocker Issues): Response within 2 business hours; resolution within 2 business days.
  - P2–P4 (Major to Low): Handled within SLA-defined timelines.
- Post-Incident RCA: Root cause analysis (RCA) is mandatory after every incident, with corrective and preventive measures enforced.
- Breach Notification: Clients are notified promptly of any incidents impacting their data.
Business Continuity & Disaster Recovery
- RTO/RPO: Defined as per client requirements; supported by redundant AWS-based backup infrastructure.
- Testing: Backups and restoration procedures are regularly tested to ensure effectiveness.
- Documentation: Policies are reviewed and updated annually.