All data in transport to and from our systems (even internal requests between instances) are encrypted over HTTPS.
Sensitive data values such as SSN and PII (Personally Identifiable Information) are stored in the database encrypted with AES-256. The encrypted data is signed using a message authentication code (MAC) so that the underlying value can not be modified once encrypted.
Furthermore, all the databases are then encrypted at rest, and only accessible via secured keys by our application and limited ClearChecks employees. Contractors are not given access to any key management to decrypt data.
We take handling PII data very seriously, which is why we designed our systems to allow the applicants to submit their own information without employers handling this data as many do over fax, email, and paper forms. We also only show the last-4 of the SSN to the employer in the application, in case reports are printed, etc.
ClearChecks is accredited by the Professional Background Screeners Association and audited for compliance as a Consumer Reporting Agency as defined by the FCRA, or "Fair Credit Reporting Act". Our product is intended to be used for employment screening and has been built with compliance in mind.
Drata tests ClearChecks's security and IT infrastructure daily to ensure the company maintains a strong security posture, as defined by industry-standard security standards.
Please sign in to leave a comment.