Data Security & Privacy
We believe that all businesses can be compliant when hiring and employing workers. We help businesses in all industries with this goal, which will eventually raise the compliance levels across Australia.
Collecting personal information is a necessary part of that process. At the same time, developing and maintaining our customers’ trust is a top priority for our business and our team.
Below you will find documents and information detailing the privacy and security measures we take, which we treat seriously, so that you can be confident your data is safe and secure when using our application and engaging with us.

The Privacy Act 1988 and The Australian Privacy Principles
As an organisation dealing with personal identifying information (PII), CheckWorkRights is bound by The Privacy Act 1988. The Privacy Act includes 13 Australian Privacy Principles. We follow these principles when we collect, use and disclose personal information to other sources (the Australian Department of Home Affairs and Australian employers).
We’re SOC 2 Compliant
CheckWorkRights Architecture
We do not store data outside of Australia. CWR hosts applications and API services with Amazon Web Services in Sydney. As one of the largest providers of cloud services globally, Amazon is naturally a market leader in relation to security and redundancy. Detail on AWS physical and web security is available here.
CWR Application specific security measures:
- Encryption of data in transit and at rest
- Automated ongoing monitoring of our APIs, applications and infrastructure. These monitors scan our application and notify us in real time of any vulnerabilities or issues.
- Web Application Firewall: our application sits behind a web application firewall, which limits our exposure to threats from the internet.
- Rolling encrypted backups enable us to reinstate our application and customer data with the minimum possible downtime in the event of an unexpected disaster occurring.
- Regular penetration testing is conducted by CWR personnel and external independent CREST-certified security organisations.
Secure Account Access and Authentication
We offer a variety of enterprise-grade authentication protocols to ensure only authorised users can access sensitive candidate and employee data.
CheckWorkRights supports Multi-Factor Authentication (MFA), requiring a one-time token to be entered at login. Our Domain Restriction feature allows CheckWorkRights account administrators to control which email domains are available to their new users, preventing unauthorised use of non-business email addresses.
Additionally, we offer Magic Linking for password-free account access. By sending a unique, time-limited secure token via email, we eliminate the risks associated with credential theft, allowing users to authenticate instantly and securely with a single click.
Alternatively, enterprise organisations can use Single Sign-On (SSO) via Microsoft Entra (formerly Active Directory) for greater control over user access using existing Microsoft credentials. This streamlines the login process and ensures compliance with internal security policies.
End-User Licence Agreement (EULA)
This document forms the contract between CheckWorkRights, which provides the software, and the client, who uses the software.
It includes topics such as what you can do when using the software and our rights and obligations to you as the software provider.
By using our applications, you agree that you have read and understand the EULA, and agree to be bound by all terms and conditions contained within.
CheckWorkRights Privacy Policy
The CheckWorkRights Privacy Policy goes into specific detail on the steps we, as an organisation handling sensitive personal data, take to safeguard this information whilst in our care. It also goes into specific detail on the thirteen Privacy Principles specified within The Privacy Act.


