Pro5 Trust Center
Welcome to the Pro5 Trust Center.
Our commitment to data privacy and security is embedded in every part of our business. Use this page to learn about our security posture and request full access to our security documentation.
Product Security
Application
Pro5 runs on highly secure, scalable infrastructure on the cloud. Security is a key feature of our technology stack, from the infrastructure up to the application.
Our proprietary software goes through regular security assessments & config audits.
Please reach out to us for access to our latest Security & Pen Test reports.
Our proprietary software goes through regular security assessments & config audits.
Please reach out to us for access to our latest Security & Pen Test reports.
Audit Logging
The Pro5 Platform offers comprehensive Audit Trails for events and changes that take place across the different layers of the Tech Stack. This allows us to validate all user and system activities, and trace back all changes made within the application.
The Audit Trail includes a detailed description of the action, resource affected, and a timestamp.
The Audit Trail includes a detailed description of the action, resource affected, and a timestamp.
Role-Based Access Control
RBAC has been implemented throughout the Pro5 platform, including custom roles which can be used to control permissions for Users, User Groups, or Service Accounts.
Please reach out to us for access to our Roles and Permissions Matrix.
Please reach out to us for access to our Roles and Permissions Matrix.
Infrastructure
We have clear BCDR (Business Continuity & Disaster Recovery) plan in place, with RAS (Reliability, Availability, Scalability) as a key focus of the platform.
Please reach out to us for access to our BCDR plan.
Please reach out to us for access to our BCDR plan.
Integrations
The Pro5 platform integrates only with highly reputable 3rd party repositories and providers. We call connections to cloud platforms "Cloud Providers" and connections to other platforms "Connectors".
Please reach out to us for a full list of Connectors.
Please reach out to us for a full list of Connectors.
Product Development
Our Secure Software Development Life Cycle (SSDLC) integrates security practices into each stage of the development process, including the requirements, design, implementation, and testing.
Please reach out to us for an overview of our SDLC process.
Please reach out to us for an overview of our SDLC process.
Changes
Our secure Change Management process ensures that changes occur in a controlled and secure manner, from definitions to execution. The process is continuously monitored and improved, and stakeholders are educated about the importance of security in the change management process.
Please reach out to us for an overview of our Change Management process.
Please reach out to us for an overview of our Change Management process.
Incidents
We have clear Security Incident plan in place for identifying, assessing, and responding to incidents. After every incident, we document key takeaways and learnings to help improve the process and prevent similar incidents in the future.
Please reach out to us for an overview of our Incident Management process.
Please reach out to us for an overview of our Incident Management process.
Data Security
Personal Data Protection Act Compliance
The Personal Data Protection Act (PDPA) provides a baseline standard of protection for personal data in Singapore. Pro5 applies controls on our infrastructure, application and data policies to ensure compliance with the PDPA requirements.
For information regarding the deletion of personal data please see Data Privacy.
For information regarding the deletion of personal data please see Data Privacy.
Classification
We take our users’ data seriously. Our data classification ensures that data remains within defined trust boundaries.
In the event of a data breach, no user data will be impacted.
Please reach out to us for access to our Data Classification policy.
In the event of a data breach, no user data will be impacted.
Please reach out to us for access to our Data Classification policy.
Backups
We perform point-in-time backups of critical systems and data stored in our environment, taking snapshots of every change, and allowing us to restore to an exact point in time in case something goes wrong.
Backups are encrypted, and access to data stores is restricted by the principle of least privilege.
Backups are encrypted, and access to data stores is restricted by the principle of least privilege.
Data Erasure
User data is deleted automatically after a user's account is marked as expired.
For information regarding the deletion of personal data please see Data Privacy.
For information regarding the deletion of personal data please see Data Privacy.
Encryption-at-rest
Data stored in the Pro5 Platform is safeguarded using state-of-the-art encryption, applying AES-256 encryption algorithm (or stronger).
This ensures that the data is protected against unauthorized access, providing a high level of security and privacy for users and their information. It also helps in maintaining the integrity of the data, even in the event of a potential security breach.
This ensures that the data is protected against unauthorized access, providing a high level of security and privacy for users and their information. It also helps in maintaining the integrity of the data, even in the event of a potential security breach.
Encryption-in-transit
Data submitted to Pro5 is encrypted with TLS 1.2 (or stronger) over the public internet.
This ensures that the data transmission between the user and the Pro5 platform is secure, reducing the risk of data interception or manipulation by unauthorized parties.
This ensures that the data transmission between the user and the Pro5 platform is secure, reducing the risk of data interception or manipulation by unauthorized parties.
Network Security
Email Security
The Pro5 domain utilizes DMARC, DKIM and SPF to reduce the risk of email spoofing attacks.
Firewall
Pro5 utilizes the native firewall capabilities of our cloud service providers to protect our infrastructure.
Virtual Private Cloud
Pro5 uses VPCs within our cloud infrastructure.
Wireless Security
Office wireless networks are secured using strong encryption and segregated from the production network.
Internal Access
Data Access
Access to internal systems is role-based and granted using the principle of least privilege. Permissions are reviewed at least annually.
Logging
Important activities in our cloud infrastructure are logged and retained appropriately to assist us with investigations in the event of an incident.
Password Security
Employees are required to set strong passwords, use 2FA, and use a secure password manager to store company credentials.
Fairness
No Human Bias
Our processes exclude human subjectivity and unconscious bias through automation, standardization, and anonymization.
This ultimately leads to significantly fairer decision making than traditional manual methods
This ultimately leads to significantly fairer decision making than traditional manual methods
No AI Bias
Our AI is constantly trained and tested with a lot of unbiased data, unbiased classification, unbiased samples, unbiased labels, and algorithms that are improved when biases are detected.
We further explicitly exclude information such as gender, age, race, marital status, socioeconomic status, etc.
Traditional methods typically rely on CV key-word filtering with limited understanding of the context and in a manner which can be “gamed”.
Pro5 brings fairness into the process by objectively focusing on the talents’ real-world capabilities.
We further explicitly exclude information such as gender, age, race, marital status, socioeconomic status, etc.
Traditional methods typically rely on CV key-word filtering with limited understanding of the context and in a manner which can be “gamed”.
Pro5 brings fairness into the process by objectively focusing on the talents’ real-world capabilities.
