Security FAQ

What measures have been taken for data security?

Advorto is certified to ISO 27001.

How does the system manage multiple user roles, for example: Administrators, Recruiters, Hiring managers?
Access to functionality within the Advorto system is managed by allocating users to security groups. Clients may have as many different security groups defined as are required. This may or may not be aligned with roles. Users may also be allocated a role, roles control which users are assignable to different roles on a vacancy, e.g. who is the Hiring Manager, the Recruiter, etc. Where the requisition module is implemented, user roles are also used to define which users will be responsible for the different workflow stages of the approvals process.

How do you segregate the data between different areas of our business?
Users may also be classified, which may be used to control which data they have access to, e.g. only able to see vacancies/candidates which they are the Hiring Manager for, only in their department, only in their location, or visibility across all vacancies/candidates. These are known as user preferences and these may be global (available to all users) or personal. The security group which a user is in controls whether users are fixed to a single preference, which they can't change, are allowed to switch between different preferences or not and whether they have access to global preferences or not.

Do you operate an Information Security Management System (ISMS)?
Advorto recognises and is committed to its legal and regulatory responsibilities to ensure that data held or processed on its or clients behalf is controlled, stored and protected to maintain its confidentiality, integrity and availability at all times. Furthermore, it seeks to limit the Company’s exposure to the risks arising from the loss, corruption or misuse of its information assets. Advorto exercises its responsibilities through the application of the Information Security Management System (ISMS) as well as through the framework provided in ISO27001.

How does the system automatically purge obsolete data in accordance with Data Protection guideline?
The Advorto system can purge data – this process can be started manually, or set to occur at a defined stage in the process, or at a set time e.g. purge data for all applicants who have withdrawn from the process after a period of 6 weeks, or purge all applicant data once an applicant has accepted an offer and their data has been uploaded into the HR system.

Does the system have the ability to provide a full audit of user activity?
All activities that are carried out within the Advorto system are written to an easy to read full audit trail.

Does your system require users to log-on using a unique identifier and password?The Advorto security system can enforce password and username protocols to suit your standards.

Does the system enforce user time-outs?
The system will time out a logged in user after a pre set period of inactivity

Does the system support compliance with local Data Protection legislation globally and provide auto-archiving facilities?
Advorto can confidently meet the international Data Protection legislation relevant to each of your Operations. We can provide Auto- archiving facilities which would be based on your business requirements

Does the system operate secure access control to minimise the risk of unauthorised access?
The Advorto system is delivered as a highly secure Software as a Service capability. Our Data Centre is accredited to ISO27001 standards. The Data Centre is open to external audit by Advorto clients, and we will be pleased to work with your security staff to enable Pen Tests, allow them to launch attempts at malicious attacks so as to satisfy themselves that the system is secure from all such attempts to breach the security processes in place.

How does the system comply with all current and future legislation?
Many of our clients also operate in highly regulated environments. As a technology partner, Advorto does not provide any form of legal advice, or explicit legal guidance to any of our clients as this is not our area of expertise.

However, Advorto will always respond rapidly to clients' requests to make system changes/alterations to ensure that compliance with appropriate legislation is maintained.

In addition, if Advorto becomes aware of any generic changes to the legal requiements around the use of e-recruitment systems and the storage and use of personal data, then we will undertake to notify all of our clients of such changes, and then recommend that they investigate the implications to their own particular industry or field.

Back to Top