WeCP (We Create Problems) is committed to ensuring the highest levels of security and privacy for both our clients and candidates. This document outlines the comprehensive measures, processes, and training that WeCP implements to protect sensitive information and maintain trust.

At WeCP, trust is foundational to our mission of providing advanced skill assessments and remote interviewing solutions. We recognize the critical nature of the data we handle and are dedicated to safeguarding it through globally recognized security practices.

WeCP integrates deeply with our clients' hiring processes, accessing strategic information that new hires will support. Consequently, we have adopted rigorous security measures to ensure all client and candidate data is protected.

WeCP upholds the privacy of thousands of candidates who complete assessments on our platform. Candidate data is collected solely to facilitate the hiring process and is stored on segregated US and EU servers. We never share this data with other companies or retain it for future use by third parties uninvolved in the hiring process. Our commitment to data protection is unwavering.

Compliance with regulatory standards and industry best practices is essential for protecting our customers' sensitive information. WeCP adheres to the following security-related audits and certifications:

WeCP utilizes Amazon Web Services (AWS) data centers, which are highly scalable, secure, and reliable, complying with leading security frameworks such as SSAE 16, SOC, ISO 27001, and PCI DSS.

WeCP conducts all business with honesty and integrity, adopting a zero-tolerance approach to bribery and corruption. Our anti-bribery policy is available upon request, detailing the controls and measures implemented for employees, vendors, and clients.

All WeCP employees are trained in internal policies and standards as part of their onboarding. Topics covered include device security, acceptable use, spyware/malware prevention, physical security, data privacy, account management, and incident reporting. We conduct regular phishing campaigns and use 1password manager for strong, unique passwords.

WeCP leverages AWS data centers for all production systems and customer data, ensuring state-of-the-art physical protection. Our offices are secured with access cards, CCTV cameras, 24/7 security monitoring, and a strict visitor log policy. Computers are secured in cabinets when unattended, and employees adhere to a Clear Desk Policy.

WeCP encrypts all user data in transit using TLS 1.2 (AES256).

All data at rest is encrypted with OS-level encryption (AES 256). Employee workstations are encrypted and centrally managed with antivirus and antimalware protection.

WeCP utilizes SSO via JumpCloud portal for secure logging and supports SAML integration with client authentication centers.

WeCP follows best practices throughout the software development cycle, including design, implementation, testing, and deployment. All code changes undergo peer review and continuous integration testing. Production changes are logged and archived, with strong credentials and two-factor authentication required for access.

WeCP conducts annual penetration testing and weekly vulnerability scans using Qualys. Code is also checked with SonarQube. All infrastructure changes and customer data access are logged for auditing purposes.

More information about our APIs is available in our API Documentation. Customer data is retained while the contract is active and for up to 90 days after termination. Data anonymization is used for statistical analysis and research.

WeCP ensures customer data is backed up daily, encrypted in transit and at rest, and geographically distributed for redundancy. We use third-party monitoring services for availability tracking, with engineers on call for outages. WeCP's infrastructure and support teams are geographically distributed to provide continuous support.

WeCP processes candidate data, including contact details, education, and professional roles, provided by the customer or the candidate. This data is used for inviting candidates to assessments and interviews, and providing performance feedback to clients.

Data is stored on AWS US East region servers and Rackspace for backups. For EU-based hosting, data is stored on AWS EU Central 1 region servers. Data is deleted when no longer required, and all transfers are subject to legal safeguards.

WeCP is dedicated to maintaining the security and confidentiality of our clients' and candidates' data. If you have any questions or require further information, please contact our Data Protection Officer at dpo@wecreateproblems.com