How we work behind the scenes to protect and secure your information.
Our security policies, controls, and standards cover a wide range of areas, including information security, incident response, access control, physical security, network security, vulnerability management, software/systems development life cycle, secure development, change management, vendor management, disaster recovery, and business continuity.
Checkr uses role-based access control (RBAC) and an identity management system to identify, authenticate, and validate access to systems or resources. Multi-factor authentication is required to access core systems and for remote access to the Checkr environment. Internal policies and technical access controls prohibit arbitrary staff access to a candidate’s personally identifiable information (PII) or other private screening or records information without a valid business need.
Data is transferred securely using Transport Layer Security (TLS) with 128-bit or higher Advanced Encryption Standard (AES) encryption. Data is also stored securely at rest with 256-bit AES encryption. Encryption keys are stored separately from the encrypted data, and all of it is hosted in our secure off-site cloud infrastructure.
Checkr performs regular application and infrastructure vulnerability and penetration testing to proactively identify vulnerabilities and complete remediation in a timely manner. Testing is carried out by internal security staff and third-party security researchers and specialists, and includes a bug bounty program. To responsibly disclose or report a security vulnerability to Checkr, contact email@example.com.
Checkr maintains systems development life cycle (SDLC) policies and procedures to guide the documentation and implementation of application and infrastructure changes, in addition to maintaining industry-standard best practices. Change control includes change requests, the initiation process, documentation requirements, development practices, quality assurance, testing requirements, and required approval procedures. Version control maintains a history of code changes to track changes and to support rollback if needed.
Checkr production systems are housed at third-party subservice organization data centers and managed service providers. Third-party providers are responsible for physical, environmental, and operational security controls, and Checkr is responsible for network, application, and logical security controls of our infrastructure.
Checkr has its systems, people, processes and controls certified and assessed through regular independent third-party audits.
Checkr is Privacy Shield certified. This means that Checkr has met the requirements of the Privacy Shield program administered by the United States Department of Commerce and is able to export data from the European Union to the United States of America. More information about the Privacy Shield program can be found here. Checkr’s Privacy Shield certification can be found here.
Checkr is compliant with the California Consumer Privacy Act (CCPA) while maintaining full compliance with the long-standing, established Fair Credit Reporting Act (FCRA). While CCPA applies to California citizens, Checkr will apply those rights to all United States consumers regardless of their state of residence or citizenship.
Take control of your data
If you are a consumer based in the United States:
Access Your Data
You can access the information Checkr holds on you, including your background check.
Delete Your Data
You have the right to delete your data. After deleting your data, you will no longer have access to our Candidate Portal.