0 added
0 removed
Original
2026-01-01
Modified
2026-02-28
1
<p>Security policies</p>
1
<p>Security policies</p>
2
<p>Our security policies, controls, and standards cover a wide range of areas to include information security, incident response, access control, physical security, network security, vulnerability management, software/systems development life cycle, secure development, change management, vendor management, disaster recovery and business continuity.</p>
2
<p>Our security policies, controls, and standards cover a wide range of areas to include information security, incident response, access control, physical security, network security, vulnerability management, software/systems development life cycle, secure development, change management, vendor management, disaster recovery and business continuity.</p>
3
<p>Access control</p>
3
<p>Access control</p>
4
<p>Checkr uses role-based access control (RBAC) and an identity management system to identify, authenticate, and validate access to systems or resources. Multi-factor authentication is required to access core systems and for remote access to the Checkr environment. Internal policies and technical access controls limit staff access to a candidate’s personal identifiable information (PII) without a business need.</p>
4
<p>Checkr uses role-based access control (RBAC) and an identity management system to identify, authenticate, and validate access to systems or resources. Multi-factor authentication is required to access core systems and for remote access to the Checkr environment. Internal policies and technical access controls limit staff access to a candidate’s personal identifiable information (PII) without a business need.</p>
5
<p>Encryption</p>
5
<p>Encryption</p>
6
<p>Data is transferred using Transport Layer Security (TLS) with 128-bit or higher Advanced Encryption Standard (AES) encryption. Data is also stored at rest with AES-256-bit encryption. Encryption keys are stored separately from the encrypted data and it’s all hosted in our off-site cloud infrastructure.</p>
6
<p>Data is transferred using Transport Layer Security (TLS) with 128-bit or higher Advanced Encryption Standard (AES) encryption. Data is also stored at rest with AES-256-bit encryption. Encryption keys are stored separately from the encrypted data and it’s all hosted in our off-site cloud infrastructure.</p>
7
<p>Vulnerability management</p>
7
<p>Vulnerability management</p>
8
<p>Checkr performs regular application and infrastructure security vulnerability and penetration testing, by internal security staff and third-party security researchers/specialists to proactively identify vulnerabilities and complete remediation.</p>
8
<p>Checkr performs regular application and infrastructure security vulnerability and penetration testing, by internal security staff and third-party security researchers/specialists to proactively identify vulnerabilities and complete remediation.</p>
9
<p>Change control</p>
9
<p>Change control</p>
10
<p>Checkr maintains systems development life cycle (SDLC) policies and procedures to guide in the documentation and implementation of application and infrastructure changes. Change control includes change requests, initiation process, documentation requirements, development practices, quality assurance, testing requirements and required approval procedures. Version control maintains a history of code changes to track changes and to support rollback capabilities, if needed.</p>
10
<p>Checkr maintains systems development life cycle (SDLC) policies and procedures to guide in the documentation and implementation of application and infrastructure changes. Change control includes change requests, initiation process, documentation requirements, development practices, quality assurance, testing requirements and required approval procedures. Version control maintains a history of code changes to track changes and to support rollback capabilities, if needed.</p>
11
<p>Subsurface providers</p>
11
<p>Subsurface providers</p>
12
<p>Checkr production systems are housed at third-party subservice organization data centers and managed service providers. Third party providers are responsible for physical, environmental and operational security controls, and Checkr is responsible for network, application and logical security controls of our infrastructure.</p>
12
<p>Checkr production systems are housed at third-party subservice organization data centers and managed service providers. Third party providers are responsible for physical, environmental and operational security controls, and Checkr is responsible for network, application and logical security controls of our infrastructure.</p>