Workable Security and Compliance Framework

This document is a technical report detailing Workable's security and compliance framework. It outlines the comprehensive measures implemented to protect organizational and candidate data, emphasizing the importance of security in recruitment and employee management. The report describes the role of a dedicated Security Team responsible for continuous improvement of security controls, including security audits, threat mitigation, and compliance with industry standards such as ISO 27001 and ISO 27017. It explains the use of a web application firewall, encryption practices for data in transit and at rest, and the implementation of strong authentication methods. The document also covers incident management policies, vulnerability management processes, and the importance of employee training in maintaining a robust security culture. Additionally, it highlights compliance with regulations such as CCPA and GDPR, detailing the responsibilities of both Workable and its customers in ensuring data protection. The report concludes with information on third-party vendor assessments and the company's commitment to maintaining high security standards.