
Shazamme Trust Centre

You own and control your data. We protect and defend it.


  • To be transparent about our operations, policies and technologies
  • To ensure the security, compliance and privacy of your data
  • To support and empower the privacy decisions of every single user

Our commitment to recruitment agencies, staffing firms and talent acquisition teams



Information security certifications

We’re proud that Shazamme has achieved internationally recognised ISO 27001 certification. This standard demonstrates Shazamme's commitment to global best practice, having implemented a robust approach to protect your data. Shazamme is audited regularly to maintain the certification status.


Infrastructure

We use Amazon Web Services (AWS) as our cloud hosting platform. Security and compliance are therefore a shared responsibility between AWS and Shazamme: we are responsible for securing your data, while AWS is responsible for securing the infrastructure that hosts it. Amazon’s data centre operations have been audited and certified under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • Federal Information Security Management Act – Moderate
  • Sarbanes-Oxley (SOX)


Infrastructure Locations

We are proud to partner with AWS, Webscale and Cloudflare to bring together a world-class technology stack with presence in the main geographical regions.

Security Controls

  • Network Security Controls

    • We use Cloudflare and AWS for WAF (web application firewall) and DDoS (distributed denial-of-service) mitigation
    • AWS Network Load Balancer restricts access to only required ports/services
    • AWS security groups are utilised for network segmentation on a least access model
    • Application server operating systems hardened to provide only necessary ports, protocols, services and applications as part of the baseline standard build
    • We have 24/7 monitoring by human beings for infrastructure alerts
  • Operating System Controls

    • Web and application servers run on the latest version of a hardened Windows Server Linux AMI
    • Windows updates, hotfixes and service packs are applied promptly
    • Port blocking is set at the network setting level
    • RDP connection encryption level is set to high and only accessible via VPN connection
    • Unnecessary services are disabled
    • Windows Defender and Crowdstrike are enabled and set to be updated daily
    • Logs are shipped to New Relic for monitoring and alerting
  • Resilience

    • Shazamme is cloud-based to ensure data is securely encrypted and stored in AWS data centres
    • Regular backups take place nightly and weekly and are kept for 30 days; data can be restored from these backups
    • Site data backups are kept for 6 months
  • Recovery

    • In the case of any unforeseen incident, Disaster Recovery and Business Continuity Plans are in place as part of our ISO 27001 certification
    • Shazamme utilises multiple AWS Availability Zones (AZs) to remain resilient in the face of most failure modes
    • Shazamme has two AZs in each region, and tests are conducted regularly to ensure different disaster scenarios are mapped and planned for

GDPR Compliance and Data Privacy

The General Data Protection Regulation (GDPR) plays a significant part in recruitment when it comes to collecting, handling and sharing candidate data.


With respect to candidate and client information that is stored in the Shazamme system:


You are the data controller and hold the direct relationship with your clients and candidates. You retain ownership of the client and candidate records that you store within your Shazamme account.

Shazamme, as the data processor, acts on your instructions when processing the candidate and client information stored in your Shazamme account.


Prighter certificate of Art 27 representation

Shazamme has a number of features to support your GDPR compliance:

  • Data processing opt-in policy: GDPR-compliant opt-in functionality on Job Application forms, with customisable text and data processing policy link
  • Auto-anonymisation for candidates and applications based on time schedules: candidates and applications will be automatically anonymised as per the set time schedule
  • Candidate Portal: automatically respond to subject access requests by sending candidates a link to their Dashboard profile
  • Email templates: email templates can be configured to fulfil the rectification and right-to-erasure notification obligations
