Independently audited compliance
We implement controls that are industry recognised and externally audited twice a year to verify their effectiveness and compliance to this standard
Certification across the whole platform
The scope of PageUp’s ISO 27001 ISMS is key. Many companies may just certify their homepage, or the HR Department. PageUp’s ISO 27001 Scope is across the entire Talent Management platform, plus the development and support of that platform, giving our clients peace of mind.
Secure data centre and hosting environment
The environment that hosts the PageUp Unified Talent Management Platform maintains multiple certifications for its data centers, people and services. For more information about their certification and compliance status, please visit the AWS Security website and the AWS Compliance Programs website.
Best practice for handling your sensitive data
We’re committed to keeping your sensitive data safe. We use best-practice security technology and frameworks to keep your data secure and compliant, including ISO 27001 accreditation and TX-RAMP Level 2 certification for cloud talent software solutions in Texas State/Local Government Departments, Universities and Higher Education Institutions.
Asset risks
Asset risks are annually identified and assessed at a high (strategic) level to determine the common risks across the entire PageUp environment. This risk assessment is used to determine a set of common security controls to be applied across the organisation. These security controls are defined in the PageUp information security policies. Risks in the asset risk register are reviewed on an annual basis and the set of common controls are modified as required.
Tactical risks
Any new risks identified throughout the year are entered into a tactical risk register. These risks often relate to new systems, new threats or newly discovered vulnerabilities. These risks are reviewed at least quarterly with the Information Security Governance Committee (ISGC) to discuss progress or to agree that the risk has been either accepted or treated and can be closed.
Industry leading security features
Modern browser support
PageUp supports all modern browsers. No plugins, no software.
AWS Security Groups
Security groups set up on least privilege basis. Regularly and automatically reviewed for changes.
HTTPS default
All connections to PageUp are sent over HTTPs using TLS (auto negotiate to highest, minimum TLS 1.1) on modern cipher suites.
Client segregation
Individual core DB per client. Hot/hot mirroring.
Single sign on
ADFS, OKTA, SAML, etc, whatever you use, we can implement SSO so setting new passwords is not required. Just use your work login for seamless login and ensure all passwords, timeouts etc match your internal policy requirements.
AWS security
Strong physical and logical security controls around the hosting locations, trusted by the world’s biggest and most security conscious companies
High Availability Architecture
We regularly test and verify our disaster recovery plans with zero impact to clients, given our highly available, secure and elastically scalable infrastructure
Web Application Firewall
Industry Leading WAF, IDS, IPS, DDOS protection inspect and detect all requests to PageUp’s Talent Management Platform
Elastic load balancers
Strong security policies across our Elastic Load Balancers, only accepting traffic from our WAF
Subprocessors
PageUp thoroughly assesses the security posture of third parties it uses to process personal information as part of its services. A list of these third parties can be found here.
Meet our Information Security
Governance Committee
Our ISGC is a cross functional team including but not limited to our; CEO, CFO, CTO, Head of Security and Compliance, VP Product, SVP Global Talent, General Counsel, Internal Security Team, Head of Customer Success Management, I.T. Manager, Software Engineering Leads, Senior Product Owner and Technical Leads
The Information Security Governance Committee (ISGC) actively support security within PageUp through clear direction, demonstrated commitment, explicit assignment and familiarity with all areas of the business including:
- Provide security leadership and guidance
- Oversee security operations at PageUp
- Raise security awareness across PageUp
- Create, update and enforce Security Policies
- Evaluate security related feedback from the business
- Identify, log, manage and mitigate or close Security Risks
- Run the ISGC meetings which discuss risks, feedback, improvements, policy updates and audit results
Check us out
Find out how the world's leading organisations use PageUp to
make better HR decisions every day
Check us out
Get started Check us out
Find out how the world's leading organisations use PageUp to
make better HR decisions every day
