Security at Choice Screening

Security and Privacy is of the upmost importance to Choice Screening. It is critically important to protect unauthorized access from internal and/or external threats. We have put in place numerous standards and policies to ensure protection and safety of our employees, vendors, clients, and consumers. 

Governance

Choice Screening's leadership team has established policies and controls in alignment with System and Organization Controls for Service Organizations 2 (SOC 2) Common Criteria, and continuously monitors those policies and controls using Vanta, the leading Trust Management Platform.
6-6-23 AI in Employment

Coming Soon...

As of May 2023 Choice Screening is pursuing a SOC 2 Type II Attestation and will share our Trust Report as soon as it is available.

Data Protection

  • Computer Profile Data at Rest

    All datastores with customer data, including Azure blob storage accounts, are encrypted at rest. Tables and collections containing privileged or sensitive customer data are further encrypted at the row level, ensuring that the data is encrypted before being stored.

  • icon-arrow-both-waysData in Transit

    Choice Screening uses TLS 1.2 or higher everywhere data is transmitted.  We also employ HSTS (HTTP Strict Transport Security) to maximize the security of our data in transit. Server TLS keys and certificates are managed within Microsoft Azure.

  • icon-pillar-partnershipSecurity Management

    Choice Screening manages encryption keys via Azure Key Vault. Key Vault utilizes Hardware Security Modules (HSMs), which prevents direct access by any individuals, including employees of Microsoft and Choice Screening. The keys stored in HSMs are used for encryption and decryption via Microsoft's Key Vault APIs.
  • icon-shield

    Product Security

    Choice Screening engages with one of the best penetration testing consulting firms in the industry at least annually. Our current preferred penetration testing partner is Kobalt.io.  We make summary penetration test reports available via our Trust Report (coming soon).

  • icon-pillar-strategicVulnerability Scanning

    Choice Screening requires vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC), including detecting vulnerable libraries introduced in pull requests, quarterly vulnerability scans against our codebase and periodic network vulnerability scanning in our production environments.

Enterprise Security

  • Endpoint Protection

    Choice Screening's corporate devices are centrally managed using mobile device management software and each device is outfitted with anti-malware protection, disk encryption, screen lock configuration and continuous software updates.  We monitor endpoint security alerts 24/7/365.

  • Secure Remote Access

    Choice Screening secures remote access to internal resources using FortiGate firewall appliances and Fortinet ZTNA delivered via FortiClient.

  • Security Education

    Choice Screening provides comprehensive security training to all employees upon onboarding and on an annual basis.  We also host live security trainings for our employees on a regular basis.

  • Identity and Access Management

    Choice Screening utilizes Microsoft Active Directory to secure our employee identity and access management.  We also use Auth0 for our client-facing applications to provide the same security to our clients. Choice Screening employees are granted access to applications based on their role and are deprovisioned upon termination of their employment. Further access must be approved according to the policies set for each application.

shutterstock_306873251

Vendor Security

Choice Screening uses a risk-based approach to vendor security. Factors which influence the inherent risk rating of a vendor include:

  • Access to customer and corporate data
  • Integration with production environments
  • Potential damage to the Choice Screening brand.

Once the inherent risk rating has been determined, the security of the vendor is evaluated, including evaluating any security and compliance certifications or attestations they hold, in order to determine a residual risk rating and an approval decision for the vendor.
choice-screening-cmyk

At Choice Screening, Data Privacy is a first-class priority.

See our Privacy Policy for more details.

 

Privacy Policy
Accreditation Logo 2 WHITE transparent_PBSA

Subscribe to our Blog

© 2024 Choice Screening, Inc.