Implementing IP restriction ensures better security. Users can be tagged to specific IPs and can only access the application from that IP. It is a robust approach to implementing security and avoid access to the application from unauthorized locations.
One-time password systems provide a mechanism for logging on to a network or service using a unique password which can only be used once. One-time passwords are a form of so-called strong authentication, providing much better protection systems containing sensitive data.
Strong authentication systems address the limitations of static passwords by incorporating an additional security credential, for example, a temporary one-time password (OTP), to protect network access and end-users' digital identities.
All the sensitive data is securely encrypted in the database and decrypted only, while accessing the data by the authorized users through the application. We use industry standard encryption algorithms to keep the data safe and secure. Even the backups that are stored are encrypted as Google provides the encryption for the data at rest.
Google develops and deploys infrastructure software using rigorous security practices. Their operations teams detect and respond to threats to the infrastructure from both insiders and external actors, 24/7/365.
Ceipal de-identifies data wherever possible. Measures like anonymizing personally identifiable data. Ceipal additionally implements access controls wherever necessary and possible. Sensitive information is made accessible only to people who need it to do their jobs. Ceipal encrypts all sensitive information by default.
Ceipal has the distinction of being one of the first applicant tracking systems (ATS) to be SOC2 compliant, and one of the first software-as-a-service (SaaS) companies to utilise the SSAE 16/18 framework to provide security review. Ceipal undertakes an independent third party annual SOC2 audit that reviews certain of its internal controls and processes. The audit covers internal governance, production operations, change management, data backups, and software development processes. It evaluates that we have the appropriate controls and processes in place and that they are actively functioning appropriately in accordance with related standards.
The SOC2 program offers independent verification that our security practices offer a recognized standard of security measures. Furthermore, the program is designed to cover key elements of data processing and integrity, while maintaining auditing practices within our business and operational processes. As all customers are concerned with their data and its security, Ceipal has integrated its SOC controls into its operating procedures. These procedures span the organization, teams or functions that provide service or support to our clients on our platform. The key components of our SOC2 controls environment include: