Security at SeekOut

At SeekOut, the security of our customers’ data and compliance with legal requirements are our top priorities. SeekOut is committed to earning and maintaining the trust of our customers. We design our software and business practices to protect customer data. SeekOut’s software platform and corporate policies & procedures are compliant with global standards and trusted by many Fortune 500 enterprises.

SOC2

SeekOut is SOC 2 Type 2 certified as of June 8, 2023.

Responsible disclosure

If you are a security researcher who has found a vulnerability on our site, please let us know by joining our HackerOne program.

Cloud security

SeekOut’s services run on Microsoft Azure, which is physically secure, employs modern software security techniques, and requires multi-factor authentication for access. The Azure cloud infrastructure has more certifications than any other cloud provider including SOC 2, ISO/IEC, CSA/CCM, ITAR, CJIS, HIPAA and IRS 1075.

Data access

Access to customer data is provided to SeekOut employees on a need-to-know basis. Specifically, SeekOut employees can only access customer data when necessary to investigate and resolve a customer issue and only after receiving approval from the customer to do so. The development team cannot access customer data for any other purpose and does not test SeekOut software with customer data. We review our access policies and access rights to our systems at least annually.

Confidentiality

All SeekOut team members are required to sign an agreement that protects the security and privacy of our customers.

Data encryption

All customer data is encrypted in transit and at rest. The SeekOut service can only be accessed by secure HTTPS connection and all customer data is encrypted using AES-256. The encryption keys are managed and rotated by Microsoft Azure.

Password hashing

SeekOut never stores or transmits user passwords as plain text. We utilize a one-way, cryptographic hashing algorithm known as Bcrypt, an industry standard for password hashing.

Backup

All SeekOut data is backed up daily. Those backups are geographically distributed and can be recovered quickly. SeekOut has never lost any customer data.

Physical security

SeekOut is entirely hosted on Microsoft Azure servers which are architected to the highest security standards and SOC 2 Type 2 Certified.

SeekOut team access control

SeekOut has a formal Access Control policy which includes role-based access to all resources and unique ID for all team members. In addition, we have standards and systems for role-based security, password strength & change frequency enforcement, and protections against brute force login attempts.

Incident response and notification

We have never had a security breach. If we were to suffer a security breach or other event that compromises the integrity of customer data, we would notify all customers within 24 hours.

Training

Every new SeekOut employee receives training on SeekOut’s Security, Confidentiality, and Data Protection policies and all employees receive updated security training at least annually.

Network monitoring and protection

SeekOut monitors and responds to all security events, reviews firewall rules and monitors for attacks, including Denial of Service (DoS) attacks. We monitor service availability and performance.

Penetration testing

At least annually, a third party performs penetration testing of SeekOut’s cloud environment, web applications, and network configuration to detect any potential security vulnerabilities. We quickly remediate any issues discovered in penetration testing. Our last penetration test was conducted in December, 2020.

Incident response and notification

We have never had a security breach. If we were to suffer a security breach or other event that compromises the integrity of customer data, we would notify all customers within 24 hours.

Disaster recovery and business continuity

SeekOut has a business continuity and disaster recovery plan and tests the plan annually. Our data backup and recovery procedures support our business continuity plan.

Automated security assessment

SeekOut uses Microsoft Azure Security Center to run daily automatic scans to assess our systems for vulnerabilities and configuration issues.

Data protection officer

SeekOut has an appointed Data Protection Officer who is responsible for documentation and implementation of our Data Protection policies and procedures.

Security APIs

We protect your information as its transmitted between systems. SeekOut integrates seamlessly with your applicant tracking system (ATS) without compromising the security of your data. Communication through ATS partner APIs is HTTPS encrypted using TLS 1.2. The connection is encrypted and authenticated using AES-128 bit encryption. The Advanced Encryption Standard (AES) is used by the U.S. government to protect classified information and also used commercially to protect sensitive data in software.

SeekOut customer access control

For customers who want unified access control, SeekOut supports SAML-based single sign-on provisioning systems.

GDPR

SeekOut is GDPR Compliant and US/EU Privacy Shield Certified. Learn more about SeekOut and GDPR.

CCPA

SeekOut is compliant with the 2020 California Consumer Privacy Act (CCPA).

EEO & OFCCP Compliance

For customers who require Office of Federal Contract Compliance Programs (OFCCP) compliance monitoring, SeekOut can meet standards for OFCCP record keeping and reporting. SeekOut has many customers who are federal contractors. Learn more about SeekOut and OFCCP.