Technical and Organizational Measures
In accordance with Art. 32 of the GDPR, this document outlines Jobilla’s Technical and Organizational Measures that are in place to ensure the security and integrity of the data handled by Jobilla. With regards to the processing of personal data done on behalf of its customers, Jobilla is considered a Data Processor, and its customers the Data Controllers. As such, every customer has a responsibility and obligation to fulfill its duties as a Controller, as per Article 24 of the GDPR.
Jobilla has implemented the following technical and organizational measures within the meaning of Art. 32 GDPR to ensure encryption and pseudonymisation, confidentiality, integrity, availability and resilience, recoverability and corresponding verification procedures.
1. Measures to ensure data protection through technology design and data protection-friendly default settings
Jobilla fulfills requirements for data protection through technology design through its feature refinement and software development processes. All staff receive training on GDPR responsibilities, and our product management and engineering teams receive further training with regards to evaluating solutions from a privacy-centric lens.
The Data Protection Officer and legal department may also be consulted in the development of new functionality of the software.
Jobilla’s Data Protection Officer and legal department review all documents and policies relating to its data protection measures on an annual basis. Policies and documents will be updated with the review process or as necessary.
2. Measures to ensure confidentiality
Confidentiality is the protection against unauthorized disclosure of information. Confidential data and information may only be made accessible to authorized persons in a permissible manner.
2.1 Organizational Measures
2.1.1 Data Protection training
All Jobilla staff receive training on the GDPR and data protection.
2.1.2 Assignment and review of software roles
Each member of Jobilla staff is assigned a software role that represents their responsibilities and grants the minimum access required to perform their duties towards Jobilla and its customers. This assignment is recorded in Jobilla’s software systems, and is reviewed at least every 6 months.
2.1.3 Policies describing acceptable transfer of personal information
Jobilla has internal policies that limit how employees should communicate internally about software records referring to personal data. Employees are encouraged to only share URLs to the Jobilla software, or to otherwise use the anonymous unique IDs assigned to personal records in the systems, rather than to share the personal data itself. This ensures that the transfer of personal data is protected by the technical measures whenever possible.
2.1.4 Policies describing procedures to ensure the correct functioning of encryption measures
Jobilla has internal policies that describe requirements and procedures for regular evaluation of its data encryption measures. This includes ensuring that key rotation functions properly, and that the database remains encrypted.
2.2 Technical Measures
2.2.1 Encryption
2.2.1.1 Encryption key management and rotation
The data storage systems are encrypted using Amazon Key Management Service (KMS). The keys used for database storage (RDS) are managed by AWS, and automatically rotate every year.
2.2.1.2 Encryption of data storage systems
The data storage systems used by Jobilla to store personal data reside on a cloud provider’s infrastructure, and rely on at-rest encryption of the systems. Encryption is carried out with keys issued as per (2.2.1.1), using a hardware security module (HSM) to ensure the integrity of the encryption system.
2.2.1.3 Encryption of employee devices
All employee computers are protected by state-of-the-art encryption, managed by a mobile device management (MDM) solution. All encryption keys are remotely escrowed through the MDM solution, which also allows Jobilla to permanently erase devices remotely.
2.2.1.4 Transmission of data over encrypted network connections
For data transferred into and out of Jobilla software systems, the primary means of protection is TLS encryption. For internal networking, a combination of certificate-based encryption, networking rules, and private networking within a Virtual Private Cloud (VPC) are used. For direct external access to systems within the VPC, an encrypted VPN connection is used.
2.2.2 Physical separation of infrastructure
Jobilla relies on its infrastructure-as-a-service (IaaS) provider to ensure that its at-rest data is stored on different hardware than its software applications. Further, the reliance on hardware security modules (HSMs) provides a third physical device required for accessing data.
2.2.3 Physical security of infrastructure
Jobilla only relies on IaaS providers compliant with strong security standards, such as ISO 27001 and SOC 2 Type II, thus providing very strong guarantees for physical and logical security on the infrastructure level.
2.2.4 Anonymisation of data that is no longer relevant
Jobilla provides its customers the option to specify a “data retention policy” which will anonymise and/or erase data after a certain amount of time.
2.2.5 Accounts with limited access
Jobilla separates accounts into “user accounts” and “service accounts”. A User Account refers to an account tied to an individual person that can be uniquely identified. A Service Account refers to an account utilized by a piece of software, used to access data required to operate the software.
Jobilla has implemented an access management system in its software that restricts what Jobilla staff may access and do within the software systems. Every request to perform an action on any entity in Jobilla’s systems is first checked against Jobilla’s access management system to ensure the software user has the proper access.
For its own software, Jobilla implements limited-access service accounts, as well as a “microservice architecture” to limit the amount of data available to software systems. This means that only a subset of Jobilla’s software systems can access personal data.
3. Measures to ensure integrity
Integrity refers to ensuring the correctness of data and the correct functioning of systems.
3.1 Organizational Measures
As all data processing is done through software systems, there are no relevant organizational measures to ensure integrity of the processing.
3.2 Technical Measures
3.2.1 Transport (in-transit) encryption
All data transport between Jobilla’s systems and its users on the Internet is protected with state-of-the-art transport encryption. Jobilla relies on industry best-practice TLS 1.3 transport encryption to protect all connections. See also 2.2.1.4.
3.2.2 Logging of system activities within the software systems
Significant system activities are logged with information about the actor, system component, activity, target resource, and timestamp (and optionally additional context). System logs are retained for 15 days.
3.2.3 Audit logging of candidate interactions within the software systems
Interactions with candidate data, Jobilla’s most significant stored personal data, are recorded in an internal audit log that is preserved for a minimum of 3 years. This log contains a record of who has accessed or modified a candidate’s information and when.
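The following is an added illustration (not Jobilla's own code) of how the per-request access check of section 2.2.5 and the two log classes of sections 3.2.2 and 3.2.3 fit together: every action is gated on a role table before it runs, the decision is written to the short-lived system log, and only permitted candidate interactions are copied to the long-lived audit log. The role names, permissions and scenario data are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed role table (hypothetical roles): role -> permitted (action, resource type) pairs.
ROLE_PERMISSIONS = {"recruiter": {("read", "candidate"), ("update", "candidate")},
                    "support": {("read", "candidate")}, "billing": {("read", "invoice")}}
SYSTEM_LOG_RETENTION = timedelta(days=15)       # section 3.2.2
AUDIT_LOG_RETENTION = timedelta(days=3 * 365)   # section 3.2.3, minimum of 3 years


@dataclass
class LogEntry:
    actor: str
    component: str
    activity: str
    target: str
    timestamp: datetime
    context: dict = field(default_factory=dict)   # optional additional context


def perform_action(actor, role, action, resource_type, resource_id, now,
                   system_log, audit_log, component="api"):
    """Check the request against the role table first, then log the decision."""
    allowed = (action, resource_type) in ROLE_PERMISSIONS.get(role, set())
    entry = LogEntry(actor, component, f"{action}:{'allowed' if allowed else 'denied'}",
                     f"{resource_type}/{resource_id}", now, {"role": role})
    system_log.append(entry)
    if allowed and resource_type == "candidate":   # only real candidate interactions are audited
        audit_log.append(entry)
    return allowed


def purge_expired(log, retention, now):
    """Drop entries older than the retention period; return how many were removed."""
    kept = [e for e in log if now - e.timestamp <= retention]
    removed = len(log) - len(kept)
    log[:] = kept
    return removed


def run_scenario():
    """Constructed scenario: two requests 20 days apart, then retention applied on day 21."""
    system_log, audit_log = [], []
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    a = perform_action("alice", "recruiter", "update", "candidate", "c-1", t0, system_log, audit_log)
    b = perform_action("bob", "billing", "read", "candidate", "c-1", t0 + timedelta(days=20), system_log, audit_log)
    now = t0 + timedelta(days=21)
    purged_sys = purge_expired(system_log, SYSTEM_LOG_RETENTION, now)
    purged_audit = purge_expired(audit_log, AUDIT_LOG_RETENTION, now)
    return {"alice_allowed": a, "bob_allowed": b, "system_entries": len(system_log),
            "audit_entries": len(audit_log), "purged_system": purged_sys, "purged_audit": purged_audit}
```

Note that the denied request from the billing role still leaves a system-log entry, so unauthorised access attempts remain visible for the 15-day window even though they never reach the candidate audit log.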
4. Measures to ensure availability
The availability of software describes the ability of users to utilize that software as intended at any point in time.
4.1 Organizational Measures
4.1.1 Backup Policy
Jobilla has a backup policy in place describing its requirements for backup availability, geo-redundancy, and restore testing.
4.1.2 Incident Response Plan
Jobilla maintains an incident response plan for availability and security. This includes triage of the incident and resolution commitments based on its severity. Because Jobilla’s distributed architecture consists of multiple systems, the incident response plan focuses on minimizing disruption to critical systems, with lower commitments made for non-critical functions.
4.1.3 On-call Practices
At any point in time, there is at least one on-call engineer, who is responsible for responding to automated incident notifications.
4.1.4 Disaster Recovery Plan
Jobilla maintains a disaster recovery plan for its services to enable rapid recovery of its services in the event of natural and human-made disaster, political disturbances, internal and external human threats, internal and external malicious activities, and ceased operations of a core third party vendor (such as an infrastructure provider).
4.2 Technical Measures
4.2.1 Geographic redundancy
Jobilla’s data storage systems are geographically replicated in at least two different availability zones (AZs) within the same geographic region (EU). In the case of a data center failure, Jobilla can activate its replicas in another AZ and provision the software systems into a functioning AZ within 24 hours of the failure.
4.2.2 Automated provisioning of hardware and software
By relying on code-driven and automated provisioning of all its system resources (servers, databases, as well as software systems), Jobilla has the ability to quickly restore its systems in the case of a wide system failure.
4.2.3 Capacity monitoring
There are monitoring systems in place that provide insight into capacity bottlenecks for some of Jobilla’s software systems.
4.2.4 Availability monitoring and alerting
There is a warning system for monitoring the availability and the status of the software systems. In the event of a failure, an on-call engineer is automatically notified so that measures can be taken immediately to rectify the problem. In case the failure goes unresolved, the warning system will automatically escalate and notify the Chief Technology Officer.