Employee
Data Protection

256AES/ FIPS 140-2 encryption protects all employee data transfers. Transactions use Secure Socket Layer (SSL) certificates and communication using 256- encryption and the SHA256 with RSA algorithm. Web Application Firewall (WAF) protect all production servers. Public-facing WAFs coupled with deep penetration testing are the first layer of our multi-layer security architecture. Accordingly, data is hosted on encrypted, virtualized servers to ensure that application files, virtual machine system snapshots, backup copies, and database components are all encrypted at rest.

To protect your data, our network security model employs a multi-layer architecture including Web Application Firewalls (WAF), DDoS protection, network access controls, monitoring, intrusion and threat detection. Indeed, independent security audits and deep penetration testing are conducted to continuously validate Vault Verify’s employee data protection standards.

Microsoft Azure’s cloud infrastructure hosts our services, offering a broad set of international and industry-specific compliance standards, such as SOC 2, ISO 27001, HIPAA, and FedRAMP. Azure’s datacenter facilities offer tight control along outer and inner perimeters with increasing security at each level. Chiefly, these include perimeter fencing, security officers, locked server racks, integrated alarm systems, around-the-clock video surveillance, and multi-factor access control.

Regulations governing privacy, employee rights, and personally identifiable information (PII) like CPRA, FCRA, and more have created a virtual minefield of risk, liability, and costs for corporations. Thus, we take the protection of personally identifiable information very seriously, with system-wide security protocols that ensure only authorized individuals can access employee data.

For our employment and income verification services, all verifiers first go through a credentialing process by one of our trained professionals, ensuring that every search request has a permissible purpose from a legitimate verifier. In this process, we verify physical location, business type, contact information, and electronic print. Verifiers must complete the credentialing process before searching against data housed in our system. Additionally, every search request requires permissible purpose, your company’s designated code, and the employee’s SSN before processing. Finally, our verification systems require a signed release by the employee before releasing any employment or income information.