Security

Last Updated: July 9, 2019
LAYERED SECURITY
APPLICATION SECURITY FOR BACKGROUND CHECKS
Data transmitted to or from the EvanceBackcheck applications is encrypted using TLS 1.2. We store sensitive information in encrypted form using a unique key.
ACCOUNT SECURITY FOR EMPLOYERS AND CANDIDATES
We follow best practices for protecting your EvanceBackcheck employer or candidate account with passwords, role-based access controls, and suspicious activity alerts.
ORGANIZATIONAL SECURITY
All EvanceBackcheck employees undergo in-depth background checks before joining the team, and our inhouse privacy and security experts regularly audit compliance with policies and procedures.
INFRASTRUCTURE SECURITY
Our infrastructure service providers, such as Azure Web Services, have achieved SO:27001, PCI DSS, and UK OFFICIAL compliance and meet rigorous standards for protecting the networks and servers powering EvanceBackcheck.
HIGH AVAILABILITY
UPTIME MONITORING
The EvanceBackcheck platform is independently monitored 24/7 from 60+ locations around the globe for any signs of downtime or service degradation. Our US-based support team is on hand, Monday through Friday, from 8 AM to 8 PM ET, to answer any questions should you suspect an uptime issue.
BACKUP AND FAILOVER
We architect EvanceBackcheck’s platform, applications, and databases across multiple availability zones for fast failover and send frequent backups in encrypted form to an offsite location.
NON-DISRUPTIVE DEPLOYMENT OF CODE
Our engineering team uses blue/green deployments for releasing changes into production, which lets us deliver frequent updates while minimizing the need for maintenance windows with downtime.
SCALABLE ARCHITECTURE
EvanceBackcheck is a scalable, highly available, fault-tolerant US-based web service, leveraging best-ofbreed infrastructure providers to optimize availability and performance.
REPORT A SECURITY CONCERN
If you believe you have discovered a security and/or privacy vulnerability that affects EvanceBackcheck services, please report it to us. We appreciate reports from everyone, including customers, developers, and researchers. The company participates in a bug bounty program.
When reporting a security or privacy vulnerability, please include the following:
● The specific product and software version that you believe to be affected
● A thorough description of the behavior observed in the vulnerability
● A clear list of steps required to reproduce the issue; if the steps to reproduce the problem are difficult to document, we encourage you to include a video capture of the steps along with the written description
Once we receive your report, we will review the details and contact you if we need more information. Please report your findings to security@EvanceBackcheck.com.