Security
Frequently asked questions
We created this FAQ to answer our Customers' most common security questions.
Definitions
In the FAQ below the following terms are defined as:
- HR: Human Resources
- JS: Job Seeker
Compliance
What security certifications does Pera hold?
Pera has been ISO27001 certified since 2018.
Platform security
Where is the platform hosted?
We host in AWS Ireland.
Our failover/standby AWS region is Frankfurt.
How often do you back up?
The database is backed up in real-time (mirrored) from Ireland to Frankfurt.
Daily snapshots are taken of the database. The snapshots are kept for 30 days.
Is data encrypted in transport and at rest?
All network traffic to our platform is encrypted with HTTPS.
All data stored at rest is encrypted with AES-256.
Do you perform pentests?
We've been pentested annually since 2018.
Any identified issues are promptly fixed.
Product security
Are passwords strong and encrypted?
We require strong passwords and enforce a minimum password length and complexity.
Passwords are encrypted, salted, and hashed using PBKDF2.
Does Pera support SSO and 2FA?
SSO: Admins can configure our HR platform to authenticate via Microsoft Entra ID (formerly Azure AD). Our SSO setup help page is here.
2FA: Admins can configure our HR platform to require 2FA for login along with passwords.
Does Pera support different levels of access for HR users?
HR users can be assigned to one of three groups, with reducing levels of access:
- Admin
- Manager
- Recruiter
Groups can be assigned in our platform or, if the Customer has integrated SSO, within the Customer's identity provider, e.g. MS Entra ID.
Can I control which Interviews HR users can access?
Yes. Individual HR users can be assigned to one or more Interviews, so when they log in they only "see" those Interviews.
Candidate data
What happens to candidate data at the end of a project?
The maximum age of candidate data in our platform is two years. When data ages out it is either anonymised or deleted, depending on the permissions candidates gave when they logged in.
HR users can set a custom maximum age (less than 2 years) for candidate data in the platform per Interview.
Custom arrangements for data anonymisation/deletion are also available on request.
Can candidates download their data?
Within the JS platform, candidates can download all their data from their account page.
Can candidates request deletion of their account and data?
On the JS platform account page, the JS can request account deletion.