See our packages page for process, pricing, and implementation!

Infrastructure, Security, and Data Privacy

Sift HR is committed to protecting all confidential and personally identifiable information collected in the delivery of our assessment products and consulting services. We have developed a robust framework and controls which are regularly scrutinized. Our policies and controls define and enforce security practices that safeguard the data our customers and participants entrust to our keeping, as well as ensure the highest levels of availability of our assessment platforms for doing business at any time, in any time zone in the world.

Data Center Security

Our assessment platform is maintained in three Tier 3 data centers, and each facility benefits from recommended hardened hosting environment features including:

  • 24×7 security guard protection
  • Security camera monitoring
  • Restricted physical access to systems
  • ISO/IEC 27001-based policies and procedures, which are reviewed by independent auditors
  • Fully documented change-management procedures
  • Secure media handling and destruction procedures for all customer data

The data centers are audited to ISAE 3402 and SSAE 16 standards and maintain current SSAE 16 SOC 2 reports, which are available to our customers and prospects. Our platforms were among the first to be EU-US and US-Swiss Privacy Shield certified, and we are committed to comply with GDPR.

Network and Server Security

Servers and networks are actively monitored by a suite of proven monitoring solutions. This system monitors over 1800 sensors on over 200 servers and infrastructure devices. Resources are checked at least once every five minutes, and critical indicators are sampled every 60 seconds.

Data for each monitoring point is automatically recorded and tracked for historical trend analysis. Other network and server security safeguards include:

  • Automated system installation using hardened and patched OS
  • Dedicated redundant stateful network firewalls and application layer firewalls
  • DDoS (Distributed Denial of Service) and threat mitigation systems
  • Quarterly third party vulnerability scanning and penetration testing