Data Governance

At Sapia, we put you first! That includes your data.

Security Posture

  • Data Sovereignty
    Candidate data is processed and stored safely in your region in order to respect data sovereignty, legislation and requirements. Data is processed in the EU and stored locally.
  • Data Confidentiality
    All client data is encrypted at rest and in motion using secure protocols, such as TLS, SFTP, or SSH. Only industry-standard tools are used, including AES-256 for encryption.
  • Security Certification
    Sapia has implemented a security management system that is undergoing certification for ISO 27001. This standard ensures continual surveillance and maintenance of the systems that implement our security controls.
  • GDPR Compliance
    Sapia has successfully completed a comprehensive review of all system and company processes to ensure compliance with all requirements of the European Union’s General Data Protection Regulation (GDPR), which took effect in 2018. Sapia also complies with the Australian Privacy Principles.
  • Business Continuity
    The risks facing business need to be understood and mitigated, and Sapia has implemented a Business Continuity Plan, including a Pandemic Plan, for use in the event of disaster. Our security incident management and data breach procedures ensure any issues are dealt with quickly and appropriately.
  • Algorithm Fairness
    Sapia tests for fairness of algorithms at each key stage of the machine learning process to detect and eliminate adverse impact. These include various tests performed on training data, model training, and live model outcomes on gender and race attributes. Both our predictive scores and recommendations are tested for adverse impact.
  • Enterprise Grade Security: To Protect Your Data
    Sapia is an ISO 27001 compliant vendor, and keeps Privacy, Security and Compliance as a company priority. Ongoing team training and a series of enforcing mechanisms, coupled with a comprehensive alerting and anomaly detection system, ensure that Sapia’s data and infrastructure are protected under the highest standards at all times.
  • Security Assurance
    Sapia works with external auditors and security teams to test its network and infrastructure, ensuring its security and availability. The auditors use state-of-the-art vulnerability scans and penetration tests to ensure continuous system stability and enterprise-grade security.
  • Software Development Life Cycle
    Sapia utilizes a modern Development Life Cycle and Operations posture, driving full monitoring and impact assessment of any code change before deploying to production environments.
  • Third Party Disclosure
    Sapia only works with third-party service providers that are chosen after a strict review and found to be in compliance with Sapia policies and processes as well as country-specific regulations. Sapia does not sell or trade customer information to third parties and strictly follows all confidentiality requirements of client data.