This statement exclusively covers AvaHR’s policies and practices regarding information and data security. It does not recapitulate the law, nor does it define our Privacy Policy, nor does it attempt to define good conduct outside of the security context.
AvaHR is a software-as-a-service (SaaS) business. The company has a dedicated SaaS Operations team that is responsible for ensuring the safe and continuous operation of AvaHR web services. Members of this team are carefully vetted for reliability and responsibility, and are trained in the handling of sensitive information.
AvaHR’s SaaS Operations infrastructure is divided into multiple, geographically dispersed facilities operated by Amazon, and internet access is protected by Cloudflare network services. Amazon AWS data centers have obtained ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley accreditation. You can read more about Amazon AWS compliance here.
The AvaHR SaaS solution is multi-tenant, and logical access controls using authentication and roles ensure the necessary separation between data from different clients. All infrastructure responsibilities live with AvaHR, and clients are provided with functionality to manage their own users and roles at the application level.
AvaHR’s business continuity planning (BCP) and disaster recovery (DR) activities prioritize critical functions supporting the delivery of service to our clients. Our systems architecture employs redundancy throughout the entire infrastructure. No system or service has a single point of failure. Data is always written to at least two separate locations when stored. AvaHR leverages load balancing on the front-end and replication on the back-end between servers distributed across multiple data centers in North America to ensure uninterrupted operations. Failover tests are performed at least annually as part of scheduled system maintenance.
AvaHR employs a multi-tier distributed architecture that allows us to scale horizontally as the number of clients and volume of traffic increases. AvaHR uses multiple monitoring processes and tools to continuously track system resources, applications and capacity. Systems are scaled up when predetermined capacity thresholds are reached.
AvaHR stores all client data in the SaaS production environment on fully redundant storage systems. Daily and intraday data is backed up on a scheduled basis to a separate secured online storage service. Only AvaHR SaaS Operations employees have access to backups.
AvaHR employs industry-standard enterprise application management solutions to monitor systems and measure uptime; instrument application performance and behavior; aggregate, index, and archive application and system logs and trigger alerts based on event logs; and facilitate alerting, trend analysis, and risk assessment.
AvaHR employs a public cloud deployment model using both physical and virtualized resources for our SaaS solution. All software maintenance and configuration activities are conducted by AvaHR employees remotely over a Virtual Private Network.
Only authorized staff have access to production networks and hosts. Development staff members have limited access to production services for debugging and customer support purposes.
All passwords and credentials that enable access to AvaHR’s production systems and services are stored in secure systems that are only accessible to authorized staff.
AvaHR employs an automated configuration management system and uses continuous integration and automated deployment management tools to ensure that all changes to production servers, networks, and application software are applied in a deliberate and planned manner. Changes with operational impact are kept to a minimum and are only applied during pre-announced maintenance windows. Every change to production, except in cases of emergency, goes through the following stages:
Only content intended for general consumption is publicly available.
All systems log to a central repository for analysis and change tracking.
Continuous backups of data are made and stored in redundant locations.
Only authorized personnel may access or restore any data from the backup data sets.
No production node or service is allowed to communicate with other services without credentials.
Configuration of production systems and services is applied automatically and is vetted for security deficits prior to deployment.
AvaHR continuously monitors and responds to active and emerging security threats, including the Open Web Applications Security Project (OWASP) top 10 and Community Emergency Response Teams (CERT) advisories.
Please report security vulnerabilities to security@avahr.com. AvaHR does not provide monetary bounties for vulnerability reports at this time.
Security updates are applied within seven (7) days in non-emergency cases or more rapidly in the case of an urgent threat.
AvaHR’s platform also contains a number of security measures to ensure the secure performance of its services.
All data are encrypted in transit and at rest. Web access to AvaHR SaaS software runs over secure HTTPS connections that employ at minimum TLS 1.2 and AES 256-bit encryption.
Access control lists define the behavior of any user of the platform, and limit them to authorized behaviors.
Extensive anti-fraud processes run continuously to detect malicious or harmful use of the platform. These processes are under continuous refinement.
All data have unpredictable identifiers (UUID4) that prevent any individual contributor from predicting or accidentally overwriting other storage entities.
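The three properties above (logical tenant separation through authentication and roles, access-control lists that limit users to authorized actions, and random UUID4 storage identifiers) work together: an unguessable identifier stops one user from predicting or accidentally overwriting another's records, but it is not itself an authorization check, so every lookup must still verify tenant and role. The following is an added illustration written for this page, not AvaHR's own code; the record store, the role table, the `User` and `Record` types and the sample tenants are constructed assumptions.

```python
import uuid
from dataclasses import dataclass

# Constructed example: a toy multi-tenant record store. Records are keyed by
# random version-4 UUIDs, and every access is still subject to a tenant and
# role check, because an unguessable identifier is not an authorization check.

# Hypothetical role table: which actions each application-level role may perform.
ROLE_PERMISSIONS = {
    "admin": {"read", "write"},
    "recruiter": {"read", "write"},
    "viewer": {"read"},
}


class AccessDenied(Exception):
    """Raised when a role does not permit the requested action."""


@dataclass(frozen=True)
class User:
    name: str
    tenant_id: str
    role: str


@dataclass
class Record:
    tenant_id: str
    payload: dict


def validate_record_id(record_id: str) -> uuid.UUID:
    """Reject anything that is not a random (version 4) UUID before it reaches storage.

    Sequential or hand-built identifiers are refused even if well formed.
    """
    try:
        parsed = uuid.UUID(record_id)
    except ValueError:
        raise ValueError("malformed identifier") from None
    if parsed.version != 4:
        raise ValueError("identifier is not a random (version 4) UUID")
    return parsed


class TenantStore:
    def __init__(self):
        self._records = {}  # record id (str) -> Record

    def create(self, user: User, payload: dict) -> str:
        self._authorize(user, "write")
        # uuid4 carries 122 random bits, so one id reveals nothing about any other
        # and a new id cannot collide with or overwrite an existing entity.
        record_id = str(uuid.uuid4())
        self._records[record_id] = Record(user.tenant_id, dict(payload))
        return record_id

    def read(self, user: User, record_id: str) -> dict:
        self._authorize(user, "read")
        return dict(self._lookup(user, record_id).payload)

    def update(self, user: User, record_id: str, payload: dict) -> None:
        self._authorize(user, "write")
        self._lookup(user, record_id).payload = dict(payload)

    def _lookup(self, user: User, record_id: str) -> Record:
        validate_record_id(record_id)
        rec = self._records.get(record_id)
        # A record in another tenant is reported exactly like a missing one, so a
        # caller cannot learn whether an identifier exists outside its own tenant.
        if rec is None or rec.tenant_id != user.tenant_id:
            raise KeyError(record_id)
        return rec

    @staticmethod
    def _authorize(user: User, action: str) -> None:
        if action not in ROLE_PERMISSIONS.get(user.role, set()):
            raise AccessDenied(f"role {user.role!r} may not {action}")


if __name__ == "__main__":
    store = TenantStore()
    alice = User("alice", "tenant-a", "recruiter")  # constructed sample users
    bob = User("bob", "tenant-b", "recruiter")
    rid = store.create(alice, {"candidate": "example"})
    print("alice reads own record:", store.read(alice, rid))
    try:
        store.read(bob, rid)
    except KeyError:
        print("bob (other tenant) gets 'not found' for the same id")
```

Two design points matter here: the identifier check happens before the storage lookup, so predictable or malformed ids never reach the data layer, and the cross-tenant case returns the same error as a missing record, so the identifier space leaks nothing across tenants.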
All end user activity is extensively instrumented and logged to enable audit tracing for security and customer support purposes.
All AvaHR and AvaHR-client confidential documents, files, and data are stored in the company’s file storage accounts, revision control systems, or otherwise stored in a company-provided external system. Data and files may not be stored locally on laptops only. When an AvaHR employee or contractor terminates employment, all data stored on company-issued laptops is destroyed.
All employees are issued copies and acknowledge receipt of AvaHR policies regarding information and data security.
To support the delivery of our services, AvaHR uses service providers (each, a “Subprocessor”) that may transmit, store and/or process personal data about clients’ candidates and authorized users.
Last modified: January 3, 2023