Security

Last Updated: January 2025

Security Overview

At Reasoned Systems, security is fundamental to everything we build. We understand that you trust us with sensitive candidate data, and we take that responsibility seriously. Our platform is designed with security at every layer.

SOC 2 Type I Compliant

We have achieved SOC 2 Type I compliance, demonstrating our commitment to security, availability, and confidentiality. Our controls are independently audited to ensure they meet rigorous standards.

Encryption

All data is encrypted at rest and in transit.

  • In Transit: All data transmitted between your browser and our servers uses TLS 1.3 encryption
  • At Rest: All stored data is encrypted using AES-256 encryption
  • Database: Our databases use encrypted storage volumes
  • Backups: All backups are encrypted before storage

Access Controls

We implement strict access controls to protect your data:

  • Role-Based Access: Users only have access to data they need for their role
  • Multi-Factor Authentication: Available for all accounts
  • Single Sign-On (SSO): Integration with your identity provider
  • Session Management: Automatic session timeouts and secure session handling
  • Audit Trails: All access is logged for accountability

Audit Logging

We maintain comprehensive audit logs to ensure accountability and support compliance:

  • All user actions are logged with timestamps and user identification
  • Administrative actions are separately tracked
  • Logs are tamper-resistant and securely stored
  • Logs are retained for 7 years to support compliance requirements

Data Retention

We retain data only as long as necessary for business and compliance purposes:

  • Audio recordings: 7 days
  • Transcripts: 90 days
  • Decision artifacts: 7 years
  • Audit logs: 7 years

Data is securely deleted after retention periods expire using industry-standard methods.

Compliance

Our platform is designed to meet the requirements of:

  • NYC Local Law 144 (AEDT) - Automated Employment Decision Tool requirements, including bias auditing and notice obligations
  • EEOC Guidelines - Equal Employment Opportunity Commission guidance on employment testing and selection
  • GDPR Ready - European General Data Protection Regulation requirements for data protection and privacy
  • EU AI Act Ready - European AI regulation requirements for high-risk AI systems in employment

Infrastructure Security

Our infrastructure is hosted on enterprise-grade cloud providers with:

  • SOC 2 certified data centers
  • Geographic redundancy for disaster recovery
  • Network segmentation and firewalls
  • DDoS protection
  • Regular security patching and updates

Application Security

We follow secure development practices:

  • Regular security code reviews
  • Automated vulnerability scanning
  • Penetration testing by third parties
  • Security training for all developers
  • Secure software development lifecycle (SDLC)

Incident Response

We have a documented incident response plan that includes:

  • 24/7 monitoring for security events
  • Defined escalation procedures
  • Communication protocols for affected customers
  • Post-incident review and improvement process

If we become aware of a security incident affecting your data, we will notify you promptly in accordance with applicable law.

Vendor Security

We carefully evaluate the security practices of our vendors and subprocessors:

  • Security assessments before engagement
  • Contractual security requirements
  • Regular review of vendor security posture
  • Data processing agreements where required

Reporting Security Issues

If you discover a security vulnerability, please report it to:

Email: security@reasonedsystems.com

We appreciate responsible disclosure and will work with you to address any issues promptly.

Contact Us

For security-related questions, please contact:

Email: security@reasonedsystems.com

Address: Reasoned Systems, Inc.