Zoho Recruit's shared responsibility of security and privacy with customers

Zoho Recruit complies with ISO and SOC standards for security and privacy to ensure we provide our customers with the best service possible. While we work towards offering you an uncompromised cloud experience, we treat your security and privacy with the utmost care and believe it is a shared responsibility between us and our users.

A clear understanding of customer responsibility, Zoho Recruit's responsibility, and shared responsibility as a whole will help you overcome any challenges in data security and privacy.

Customer Responsibility

  •  Data accountability
  •  Passwords
  •  Client and end point security

Shared responsibility

  •  Data Management
  •  Encryption
  •   Awareness and training
  •   Policy and compliance

Zoho Recruit's Responsibility

  •   Availability of services
  •   Application level controls
  •   Data storage
  •   Data security
  •  24 hours a day M-F technical support. Weekend email support (Except public holidays) for Enterprise edition users.
  •  Reporting any breach incidents

Shared responsibility

The following responsibilities are common to both the customer and Zoho Recruit. As we provide you with the services and tools to help secure your data, we need your contribution towards these services as well.

Data management

Zoho Recruit provides you with:
  • Roles, profiles, Data Sharing settings, Territory Sharing, User Hierarchy (HR) - All of the above features are provided to ensure confidentiality and integrity of data within the organization.
  • All the actions performed by users within the organization are logged in Audit and Activity logs within Zoho Recruit.
Your responsibilities:
  • Assign appropriate user roles and privileges for those handling your data.
  • Periodically review your company's user roles and access permissions.
  • The audit log will be retained for 60 days and the activity log for 90 days.Take periodic export of logs.
  • Report incidents of data breach to Zoho Recruit immediately and follow our recommendations for next steps.
  • Notify your users and data-protection authorities in case of any breach.
  • Check the legal requirements for adding and processing data using our system.

Encryption

Zoho Recruit's responsibilities:
  • In transit: All customer data transmitted to our servers over public networks is protected using strong encryption protocols. We mandate all connections to our servers to use Transport Layer Security (TLS 1.2/1.3) encryption.
  • At rest: Zoho Recruit provides encryption for custom fields at rest using 256-bit Advanced Encryption Standard (AES). By default all customer uploaded files will be encrypted at rest.
Your responsibilities:
  • Enable encryption for custom fields.

Awareness and Training

Zoho Recruit's responsibilities:
  • Educate our employees about data-handling requests raised from the customers.
  • Regularly conduct security and privacy training for all employees to ensure they adhere to our security and privacy standards.
Your responsibilities:
  • Educate your users on the risks related to a cloud environment, as well as standards and procedures for the use of our services.

Policy and Compliance

Zoho Recruit's responsibilities:
  • Adhere to policies and laws like GDPR, OFCCP, EEO and more depending on the region to ensure our customer data is handled appropriately.
  • Review privacy policies and terms of service for sub-processor and third-party integrations.
Your responsibilities:
  • Enable or disable third-party integrations after reviewing what data will be shared with them.
  • Review the terms and privacy policies of how your data would be stored, handled, and used in third-party apps.
  • Evaluate all regulations and laws that are applicable to you and review our compliance with regulations and standards that are needed for your business.
  • Provide proper notice while collecting data.
  • Before processing personal data, assess your lawful basis. If your lawful basis is consent, get the consent of your Data Subjects as well.

Refer to the shared responsibility model in Zoho for more information on this topic.

If you have any questions or would like some clarification on these points, please write to us at support@zohorecruit.com