Security & Compliance

Enterprise-grade security and compliance with African data protection regulations. Your data is protected with industry-leading security measures and full compliance with local and international standards.

At Careersome, we understand that your HR data is among your most sensitive information. We implement comprehensive security measures to protect your data, ensure privacy, and maintain compliance with data protection regulations.

Security Principles

Data Encryption

All data in transit and at rest is encrypted using industry-standard AES-256 encryption. We use TLS 1.3 for all connections to ensure your data remains secure during transmission.

Access Control

Role-based access control (RBAC) ensures that only authorized personnel can access sensitive data. Multi-factor authentication (MFA) is available for enhanced security.

Secure Infrastructure

Our cloud infrastructure is hosted in secure, compliant data centers with regular security audits, intrusion detection, and 24/7 monitoring.

Regular Audits

We conduct regular security audits, penetration testing, and vulnerability assessments to identify and address potential security risks proactively.

Data Backup & Recovery

Automated daily backups ensure your data is protected. We maintain redundant backups in geographically distributed locations with point-in-time recovery capabilities.

Privacy by Design

Privacy considerations are built into every aspect of our platform. We minimize data collection, implement data retention policies, and provide tools for data deletion.

Compliance & Certifications

Careersome is committed to compliance with data protection regulations across Africa and internationally. We work continuously to meet and exceed regulatory requirements.

Nigerian Data Protection Regulation (NDPR)

Full compliance with Nigeria's data protection regulation, ensuring proper handling of personal data for Nigerian organizations and citizens.

Kenya Data Protection Act

Compliance with Kenya's Data Protection Act, including requirements for data processing, storage, and cross-border transfers.

South Africa POPIA

Adherence to South Africa's Protection of Personal Information Act (POPIA) requirements for data protection and privacy.

Ghana Data Protection Act

Compliance with Ghana's Data Protection Act, ensuring proper data handling and privacy protection for Ghanaian users.

GDPR Compliance

Alignment with General Data Protection Regulation (GDPR) principles for international data protection standards, applicable for European operations.

ISO 27001 (In Progress)

Working towards ISO 27001 certification for information security management systems, demonstrating our commitment to security best practices.

Data Residency & Sovereignty

We understand the importance of data sovereignty for African organizations. Careersome offers flexible data residency options to meet your compliance and regulatory requirements.

Regional Data Centers

Data can be stored in regional data centers within Africa to ensure compliance with local data residency requirements and reduce latency.

Data Localization

For organizations with strict data localization requirements, we can configure data storage to remain within specific countries or regions.

On-Premises Deployment (Enterprise)

Enterprise plan customers can host their own data on premises or in their own cloud infrastructure. This gives you complete control over your data, ensuring maximum security and compliance with the strictest regulatory requirements.

Cross-Border Transfers

When data transfers are necessary, we ensure they comply with applicable regulations and use appropriate safeguards such as Standard Contractual Clauses (SCCs).

Security Features

Careersome includes built-in security features to help you protect your organization's data and maintain compliance.

Role-Based Access Control

Granular permissions ensure users only access data and features relevant to their role. Admins can customize roles and permissions to match organizational needs.

Multi-Factor Authentication

Optional MFA adds an extra layer of security to user accounts, protecting against unauthorized access even if passwords are compromised.

Audit Logs

Comprehensive audit logs track all user activities, data access, and system changes for security monitoring and compliance reporting.

Data Export & Deletion

Users can export their data at any time, and organizations can request complete data deletion in compliance with data protection regulations.

Secure Communication

All communications within the platform are encrypted. Email notifications can be configured to use secure channels.

Regular Security Updates

We regularly update our platform with security patches and improvements to address emerging threats and vulnerabilities.

Incident Response

We maintain a comprehensive incident response plan to quickly identify, contain, and remediate security incidents.

24/7 security monitoring and threat detection

Rapid incident response team activation

Immediate containment of security threats

Thorough investigation and root cause analysis

Transparent communication with affected organizations

Post-incident review and security improvements

Have Security Questions?

Our security team is available to discuss your specific security and compliance requirements. Contact us to learn more about our security measures and how we can meet your organization's needs.