Best practice ISO 27001 certification

PageUp is certified to ISO/IEC 27001:2022. ISO 27001 is widely regarded as best practice for implementing an Information Security Management System and the most complete security guideline in existence

Independently audited compliance

We implement controls that are industry recognisedrecognized and externally audited twice a year to verify their effectiveness and compliance to this standard

2
3

Certification across the whole platform

The scope of PageUp’s ISO 27001 ISMS is key. Many companies may just certify their homepage, or the HR Department. PageUp’s ISO 27001 Scope is across the entire Talent Management platform, plus the development and support of that platform, giving our clients peace of mind.

View our ISO 27001 certificate, details and scope here

Secure data centre and hosting environment

The environment that hosts the PageUp Unified Talent Management Platform maintains multiple certifications for its data centers, people and services. For more information about their certification and compliance status, please visit the AWS Security website and the AWS Compliance Programs website.

4
TX-RAMP-logo

Best practice for handling your sensitive data

The environment that hosts the PageUp Unified Talent Management Platform maintains multiple certifications for its data centers, people and services. For more information about their certification and compliance status, please visit the AWS Security website and the AWS Compliance Programs website.

Industry leading risk management methodologies

No system is perfect: flaws, weaknesses and vulnerabilities will be found. Because of this, risk management across any SaaS or technology platform is key. PageUp bases its risk management methodology on the international standard for risk management ISO 31000.

PageUp uses a two-tiered approach for managing information security risk. Using a two-tiered approach allows for the periodic assessment of risks across the entire organisationorganization, as well as ongoing day to day management of individual risks as they are identified.

  • Asset risks

    Asset risks are annually identified and assessed at a high (strategic) level to determine the common risks across the entire PageUp environment. This risk assessment is used to determine a set of common security controls to be applied across the organisationorganization. These security controls are defined in the PageUp information security policies. Risks in the asset risk register are reviewed on an annual basis and the set of common controls are modified as required.

  • Tactical risks

    Any new risks identified throughout the year are entered into a tactical risk register. These risks often relate to new systems, new threats or newly discovered vulnerabilities. These risks are reviewed at least quarterly with the Information Security Governance Committee (ISGC) to discuss progress or to agree that the risk has been either accepted or treated and can be closed.

Industry leading security features

  • Modern browser support

    PageUp supports all modern browsers. No plugins, no software.

  • AWS Security Groups

    Security groups set up on least privilege basis. Regularly and automatically reviewed for changes.

  • HTTPS default

    All connections to PageUp are sent over HTTPs using TLS (auto negotiate to highest, minimum TLS 1.1) on modern cipher suites.

  • Client segregation

    Individual core DB per client. Hot/hot mirroring.

  • Single sign on

    ADFS, OKTA, SAML, etc, whatever you use, we can implement SSO so setting new passwords is not required. Just use your work login for seamless login and ensure all passwords, timeouts etc match your internal policy requirements.

  • AWS security

    Strong physical and logical security controls around the hosting locations, trusted by the world’s biggest and most security conscious companies

  • High Availability Architecture

    We regularly test and verify our disaster recovery plans with zero impact to clients, given our highly available, secure and elastically scalable infrastructure

  • Web Application Firewall

    Industry Leading WAF, IDS, IPS, DDOS protection inspect and detect all requests to PageUp’s Talent Management Platform

  • Elastic load balancers

    Strong security policies across our Elastic Load Balancers, only accepting traffic from our WAF

Subprocessors

PageUp thoroughly assesses the security posture of third parties it uses to process personal information as part of its services. A list of these third parties can be found here.

 

Meet our Information Security
Governance Committee

Our ISGC is a cross functional team including but not limited to our; CEO, CFO, CTO, Head of Security and Compliance, VP Product, SVP Global Talent, General Counsel, Internal Security Team, Head of Customer Success Management, I.T. Manager, Software Engineering Leads, Senior Product Owner and Technical Leads

The Information Security Governance Committee (ISGC) actively support security within PageUp through clear direction, demonstrated commitment, explicit assignment and familiarity with all areas of the business including:

  • Provide security leadership and guidance
  • Oversee security operations at PageUp
  • Raise security awareness across PageUp
  • Create, update and enforce Security Policies
  • Evaluate security related feedback from the business
  • Identify, log, manage and mitigate or close Security Risks
  • Run the ISGC meetings which discuss risks, feedback, improvements, policy updates and audit results

Take a look

Find out how the world's leading organisationsorganizations use PageUp to make better HR decisions every day.

pageup_bottom_cta_2024_image

Take a look

Get started
pageup_bottom_cta_2024_image

Take a look

Find out how the world's leading organisationsorganizations use PageUp to make better HR decisions every day.

Get started

Take a look

Get started