WeCP Security Practices Guide
Written by The WeCP Team
Updated over a week ago

Overview of WeCP Security Practices

WeCP (We Create Problems) is committed to ensuring the highest levels of security and privacy for both our clients and candidates. This document outlines the comprehensive measures, processes, and training that WeCP implements to protect sensitive information and maintain trust.

Introduction

At WeCP, trust is foundational to our mission of providing advanced skill assessments and remote interviewing solutions. We recognize the critical nature of the data we handle and are dedicated to safeguarding it through globally recognized security practices.

WeCP integrates deeply with our clients' hiring processes, accessing strategic information that new hires will support. Consequently, we have adopted rigorous security measures to ensure all client and candidate data is protected.

WeCP upholds the privacy of thousands of candidates who complete assessments on our platform. Candidate data is collected solely to facilitate the hiring process and is stored on segregated US and EU servers. We never share this data with other companies or retain it for future use by third parties uninvolved in the hiring process. Our commitment to data protection is unwavering.

Compliance and Industry Standards

Compliance with regulatory standards and industry best practices is essential for protecting our customers' sensitive information. WeCP adheres to the following security-related audits and certifications:

  • SOC 2: WeCP undergoes regular SOC 2 audits, with the latest report available upon request.

  • GDPR: We have implemented tools and processes to ensure compliance with the General Data Protection Regulation. Our Data Protection Impact Assessment (DPIA) report is available upon request.

  • ISO 27001: WeCP is certified as compliant with the ISO 27001 standard. Security policies and certification copies are available upon request.

  • CCPA: WeCP complies with the California Consumer Privacy Act.

WeCP utilizes Amazon Web Services (AWS) data centers, which are highly scalable, secure, and reliable, complying with leading security frameworks such as SSAE 16, SOC, ISO 27001, and PCI DSS.

Anti-Bribery Policy

WeCP conducts all business with honesty and integrity, adopting a zero-tolerance approach to bribery and corruption. Our anti-bribery policy is available upon request, detailing the controls and measures implemented for employees, vendors, and clients.

People Security

All WeCP employees are trained in internal policies and standards as part of their onboarding. Topics covered include device security, acceptable use, spyware/malware prevention, physical security, data privacy, account management, and incident reporting. We conduct regular phishing campaigns and use the 1Password password manager for strong, unique passwords.

Physical Security

WeCP leverages AWS data centers for all production systems and customer data, ensuring state-of-the-art physical protection. Our offices are secured with access cards, CCTV cameras, 24/7 security monitoring, and a strict visitor log policy. Computers are secured in cabinets when unattended, and employees adhere to a Clear Desk Policy.

Data Security

Data in Transit

WeCP encrypts all user data in transit using TLS 1.2 (AES-256).

Data at Rest

All data at rest is encrypted with OS-level encryption (AES-256). Employee workstations are encrypted and centrally managed with antivirus and antimalware protection.

Secure Logging

WeCP utilizes SSO via the JumpCloud portal for secure logging and supports SAML integration with client authentication centers.

Secure Software Development Life Cycle (SDLC)

WeCP follows best practices throughout the software development cycle, including design, implementation, testing, and deployment. All code changes undergo peer review and continuous integration testing. Production changes are logged and archived, with strong credentials and two-factor authentication required for access.

Testing and Audit Trails

WeCP conducts annual penetration testing and weekly vulnerability scans using Qualys. Code is also checked with SonarQube. All infrastructure changes and customer data access are logged for auditing purposes.

API and Data Retention

More information about our APIs is available in our API Documentation. Customer data is retained while the contract is active and for up to 90 days after termination. Data anonymization is used for statistical analysis and research.

Disaster Recovery and Business Continuity

WeCP ensures customer data is backed up daily, encrypted in transit and at rest, and geographically distributed for redundancy. We use third-party monitoring services for availability tracking, with engineers on call for outages. WeCP's infrastructure and support teams are geographically distributed to provide continuous support.

Data Collection and Usage

Types of Data Collected

WeCP processes candidate data, including contact details, education, and professional roles, provided by the customer or the candidate. This data is used for inviting candidates to assessments and interviews, and providing performance feedback to clients.

Data Storage and Sharing

Data is stored on AWS US East region servers and Rackspace for backups. For EU-based hosting, data is stored on AWS EU Central 1 region servers. Data is deleted when no longer required, and all transfers are subject to legal safeguards.

Conclusion

WeCP is dedicated to maintaining the security and confidentiality of our clients' and candidates' data. If you have any questions or require further information, please contact our Data Protection Officer at dpo@wecreateproblems.com
