As you enjoy the advantages of “software as a service,” it’s of the utmost importance that a key part of that service is airtight data security and backups.
When shopping for an applicant tracking system (ATS), here are a few questions you should ask prospective vendors:
Who owns the software company? Your vendor will have unfettered access to all the information in your ATS database. Knowing this, would you trust a competitor or an executive search company with all your candidate data, including salaries, and, for staffing companies, all your confidential client information, including mark-up and terms?
Does the vendor co-locate its servers? Look for a vendor that maintains the software at its own on-site data center, so there’s no unknown third party with access to your data.
How does the system limit network access? Ask about the routing and firewall security protecting the web servers. Look for database servers that reside on a separate network that communicates with the web servers via a private, unexposed backbone. To ensure network security, only inbound HTTP and secured HTTPS traffic should be allowed into the server farm.
What about data normalization? Does the vendor adhere to industry standards for database normalization and optimization? Do they perform regular internal audits? During the process of shopping for an applicant tracking system, look for an ATS that routinely monitors server optimization and utilization following strict procedures.
And how about data separation? To be truly secure, every client's session should use its own dedicated connection to their private database, as opposed to data connection pooling. All data should reside within your own private database, accessible by authorized users only.
How do they achieve user security? Ideally, end users should only access system data via the application, with each user assigned a security level that allows them to perform functions accordingly. Look for a variety of permissions and rights that may be granted to select users, and the ability to create group security settings. You should be able to generate user logs and implement internal security to track user activity, with your vendor also continually monitoring system traffic to detect unusual activity.
How do they handle sensitive documents and data? You’ll want your software to allow users to indicate if an uploaded document requires restricted viewing, and to limit it to only those who’ve been granted permissions. All sensitive data, such as candidates’ SSNs, user IDs and password information, should be encrypted prior to storage in the database.
What’s provided in SQL and password security? At no time should any actual database passwords ever be transmitted over the Internet. Authentication to the database might be handled within an NT trusted security context, so there’s no risk of back-door access. Admin-level users should also be able to establish unique password rules, allowing you to make adjustments to meet internal security policies.
And how do they back up data? A responsible ATS partner might back up to removable media nightly, then transfer at least once a week to a highly secure off-site facility. Also look for routine archiving that’s performed on your specified schedule.
So, feeling totally secure? If not, you owe it to yourself when shopping for an applicant tracking system to find an ATS partner with the proven know-how to meet all your technical challenges, and one that’s firmly committed to continually upgrading its capabilities to provide you the utmost in data security.
Doug Coull is our guest blogger this week. Doug is the founder and CEO of APS, Inc., makers of SmartSearch talent acquisition and staffing management software. Doug founded APS in 1986 after a successful management career in the contract engineering industry. Envisioning a new approach to candidate management, APS, under Doug's leadership, pioneered resume-scanning-based systems. A leader in technology development for nearly 30 years, Doug brings a unique perspective to the development and user adoption of software and technology in the HR community.