Recruitment Technology Security: Key Considerations and Terms to Know
by Emily Swartz on May 5th, 2021

Note: this resource is for informational purposes only and does not provide legal or security advice. You should contact your legal or security counsel concerning any questions or issues regarding recruitment technology security.

With constant and evolving security threats that risk catastrophic effects, managing security is both a challenging and a crucial aspect of your business. A critical step in your security strategy should be to build a tech stack with providers that use best-in-class security practices and resources. This will substantially improve your ability to keep your firm’s data safe while saving you money, resources, and your reputation.

To help you get started, we’ve compiled a list of essential questions to ask while evaluating technology providers, as well as a glossary of key terms that your team should keep in mind during the evaluation process. Read on for the considerations and terms your team should be familiar with to improve your recruitment firm’s security evaluation strategy.

Key Considerations for Recruitment Technology Security

Here are questions to help you check whether a technology provider follows security best practices, from investing in training to circulating resources.

- Are you investing in tools and training to improve your security posture?
- Are you running annual audits and tests?
- Are you SOC 1 & SOC 2 certified?
- Do you have perimeter solutions (firewalls and VPNs) in place?
- Have you established measures to minimize scope & impact should a breach occur?
- Do you have a threat intelligence function?
- What sort of early detection & intelligence products do you use?
- Can we expect constant alert monitoring?
- Do you have a disaster recovery process in place?
- Are you taking strides to make security a company-wide standard?
- Do you require company-wide and/or role-specific training?
- Are you regularly circulating best practices and resources to keep all employees up to date and aware of how to stay vigilant and safe?

Glossary

Disaster Recovery: A set of policies, tools, and procedures that enable the recovery of data and the continuation of vital technology infrastructure and systems following a natural or human-induced disaster.

Firewalls: Devices that police traffic entering and exiting your software infrastructure, as well as traffic moving between your internal environments. They are designed to work on the principle of least access — allowing only what is required — and to monitor for and prevent malicious attacks and unusual behavior.

Independent Security Assessments: A contracted agreement with an external entity under which a software environment or product is assessed for its security.

Perimeter Solutions: Technical products that help protect your corporate and data center infrastructure from threats originating elsewhere. In essence, these solutions sit at the border, or perimeter, of the environments you control and are responsible for.

Security Breach: An incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party.

Security Incident: A security event that compromises the integrity, confidentiality, or availability of an information asset.

SOC (System and Organization Controls) 1 Report: Addresses a company’s internal controls over financial reporting, that is, the checks and limits applied to it. By definition, as governed by SSAE 18, a SOC 1 report is an audit of a third-party vendor’s accounting and financial controls.

SOC 2 Report: Addresses a service organization’s controls that are relevant to its operations and compliance.

Third-party Security Assessments: An assessment your company performs on its partners. This is how your company audits the security posture of those it does business with.

Threat Intelligence Function: A sophisticated internal operation dedicated to aggregating data from your peers, internal intelligence teams, and other external sources in order to understand the threat environment and proactively prevent attacks before they occur.

VPNs (Virtual Private Networks): Give authorized users access to network resources that are not reachable from the public internet.

To learn more about recruitment technology security and how you can set your business up for success, subscribe to Bullhorn Content for the latest updates, tips, and best practices.