- My Ally’s computing infrastructure is provided by Amazon Web Services, a secure cloud services platform. Amazon’s physical infrastructure has been accredited under ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley.
- We have architected a secure multi-tier network environment on top of Amazon’s infrastructure to ensure that our applications and data are protected and always accessible. Access to our infrastructure is tightly controlled and monitored. In addition to strong security controls, My Ally ensures that the data it collects remains available through full, daily backups, retained for 14 days.
- We employ secure coding practices and ensure we’re, at minimum, protected against the OWASP Top 10. All of the My Ally applications undergo frequent third-party security and vulnerability assessments to catch any security bugs we may have missed. We even have a “bug bounty” program where we pay hackers to responsibly report bugs they find in our applications.
How does My Ally keep sensitive information private?
- The communication between your employees and our servers is encrypted with 128-bit SSL encryption. All sensitive data, such as user passwords, is securely encrypted and hashed, both in transit and at rest; passwords are never stored in plain text. All data access is protected by a role-based access-control mechanism, which only lets users view data for which they have permission. It’s impossible for users to view data from organizations other than their own.
Which employees at my company will use My Ally?
- Everyone! Your entire recruiting team will obviously be using My Ally regularly. But interviewers will rely on My Ally to seamlessly have interviews scheduled and submit evaluations in a timely fashion. Management will want to use the reporting features to get an overview of how quickly candidates are moving through the pipeline. It can even be used as an internal scheduling tool.
Our internal processes
- Only authorized employees have access to our production infrastructure, passwords are strictly regulated, and access requires multiple factors of authentication. We limit access to customer data to the employees who need it to provide support and troubleshooting on our customers' behalf. Accessing customer data is done solely on an as-needed basis, and only when approved by the customer (i.e. as part of a support request), or to provide support and maintenance.
- Why take our word for it? We are ISO 27001:2013 certified. Our systems and processes conform to the ISO/IEC 27001:2013 standard, assuring that our controls relating to security, availability, and confidentiality are well designed and operating effectively.
|Certifications / Attestations|
|Laws / Regulations / Privacy|
|Alignments / Frameworks|
|EU-US Privacy Shield|
|Swiss-US Privacy Shield|
EU Data Protection
The European Union’s General Data Protection Regulation (GDPR) protects European Union data subjects' fundamental right to privacy and the protection of personal data. It introduces robust requirements that will raise and harmonize standards for data protection, security, and compliance.
Privacy Shield Framework
In an effort to provide maximum transparency, we’ve compiled a list of sub-processors My Ally works with, along with details on what the data collected through these sub-processors is used for.
|Sub-Processors|Why & How data is used|
|Amazon Web Services|Servers and network infrastructure|