Enterprise-grade security, built for environments where the stakes are public.
Workforce data carries weight. We treat it that way. Proven across 120+ ministries and statutory bodies, with the encryption, access controls, and audit posture enterprise procurement teams expect — and a Trust Centre that puts the documentation in your hands.
When the controls have to satisfy a public audit, this is what we're used to.
Deployed across 120+ ministries and statutory bodies, managing 1.3 million+ career profiles in environments where the data protection bar is set by national regulators, not corporate procurement.
Our security programme has been reviewed and approved by government information security offices and enterprise procurement teams across Singapore, Malaysia, and the United Kingdom.
And because security documentation is rarely the most fun part of a procurement cycle, we maintain a public-facing Trust Centre with the full picture: security, privacy, responsible AI, sub-processors, and compliance status — so your security team can self-serve before the formal review.
120+
Ministries & statutory bodies
Public sector deployments
1.3M+
Talent profiles
Under continuous protection
99.9%
Uptime target
Enterprise SLA
AES-256
Encryption at rest
Plus TLS 1.2/1.3 in transit
Security standards & assurance
Honest about where each item sits — held, in progress, or held by our cloud provider on our behalf. Full status on the Trust Centre.
CSA STAR Level 1
Cloud Security Alliance STAR self-assessment completed and published.
ISO/IEC 27001
Operating to ISO 27001 principles. Formal certification on the assurance roadmap.
SOC 2 Type II
Controls mapped to SOC 2 Trust Services Criteria. Type II audit on the assurance roadmap.
GDPR, UK GDPR, PDPA
Operating as Data Processor with full DPA, EU SCCs, and UK Addendum available.
Platform security controls
Six control areas, designed to satisfy enterprise procurement and government audit at the same time.
Encryption & key management
AES-256 at rest. TLS 1.2/1.3 in transit. AWS KMS key management with rotation. Encrypted backups.
Sovereign-grade infrastructure
Region-configurable deployment (Singapore, Ireland, Virginia). Tenant isolation through dedicated database instances for enterprise clients.
Identity & access
RBAC with least-privilege defaults. MFA on all administrative accounts. SSO support for enterprise customers.
Continuous assurance
Annual third-party penetration testing. Continuous SAST/DAST and dependency scanning in CI/CD. WAF, DDoS protection, OWASP Top 10 coverage.
Incident response & continuity
Documented incident response with severity-based triage. RPO ≤ 12h, RTO ≤ 24h. Client notification without undue delay (target 72h).
Audit & logging
Immutable audit logging for administrative actions. Centralised SIEM monitoring. Logs retained per regulatory and contractual requirements.
Privacy by design, not by addendum
Privacy isn't a clause we attach at the end of a contract — it's the four principles that shape every product decision.
Data minimisation
We collect only what's needed for the service — and we surface that to controllers explicitly, not in fine print.
Granular consent
Every data processing purpose tied to a specific consent. Withdrawal and rectification supported through self-serve and DPO workflows.
Controlled access
Strictly need-to-know. Role-based access control across the platform. Internal access logged and reviewed.
Data subject rights
Access, rectification, erasure, portability, restriction, and objection — supported through documented workflows and contractual commitments.
The full picture, on one page
Security overview, privacy and DPA, responsible AI governance, sub-processor register, compliance status, and contact for diligence requests. Built so your security and procurement teams can self-serve the answers — before the formal review starts.
Workforce optimisation powered by whole-person intelligence.
Security you can stand behind in any audit.
Talk to our security team about your specific data, residency, and compliance requirements — or jump straight into a demo and we'll bring the documentation with us.