Security

How we keep our data secure

We live in a world where cyber incidents happen every day, violating the privacy of millions of individuals and costing companies financial and reputational damages. We acknowledge this threat and understand that information security is of the utmost importance.

Our products are secure by design

We follow secure design and coding practices, applying application security controls as early as possible in our development cycle. We also carry out ongoing testing and penetration testing of our application to catch and remediate bugs that do make it through our development cycle.

For added assurance, our live product environment is protected with web application firewalls, denial of service protection and intrusion detection systems.

Physical security and data sovereignty

We’ve partnered with AWS, taking full advantage of their cloud services. These services allow us to capture, process and store data securely while respecting data sovereignty across 27 regions. AWS data centres employ world-class physical security practices to protect against threat actors and geographical disasters.

AWS provides us with:

  • 24/7 surveillance
  • Physical security
  • High availability
  • Scalable infrastructure
  • Data centers designed to mitigate geographical risks

Visit the AWS website for more information on its data security measures.

Our culture respects data

Our candidates trust us with their data, and it’s our duty to respect and protect that data. That’s why we go beyond GDPR compliance – we’ve built a culture where all PII, regardless of its origin, is treated to the same high standard at every stage of its life cycle.

  • Data processing. All data is processed within AWS.
  • Data protection. Encryption at rest: data stored in AWS is encrypted at rest using 256-bit AES encryption. Encryption in transit: TLS 1.2 or higher.
  • Data transfer. We have an intra-group data transfer agreement enabling the lawful transfer of this data.
  • Data sovereignty. Sapia respects data sovereignty standards and is fully GDPR compliant.
  • Data retention. Sapia retains anonymised PII and anonymised interview data indefinitely. We do this to build and maintain predictive models, and to create analytical and statistical data to improve or modify services or develop new products.

Compliant with Industry Standards

Security doesn’t stop with our product. At Sapia, we have teams dedicated to security, risk and compliance. These teams are responsible for maintaining and growing our security posture as the security landscape evolves.

Sapia maintains ISO 27001 certification and SOC 2 Type 1 and Type 2 accreditation.