Phenom Compliance Background

Transform the talent experience
securely with confidence

Over 400 global organizations trust Phenom to elevate the talent lifecycle — and protect their employee, company, and customer data. Learn more about our information security and compliance framework.

Our Security & Data Privacy Framework

Delivering personalized, remarkable talent experiences isn’t possible without data — and the security of our people, processes, and technology is of utmost importance to Phenom. Here’s a snapshot of how we ensure your information is secured and protected.

key benefit

Process

Policies and procedures are in place to ensure your data is kept secure and properly handled.

key benefit

Train

All Phenom employees receive annual training to maintain our security policies and procedures, in addition to role specific.

key benefit

Monitor & Alert

Monitoring tools and a team of experts are notified of anomalies, ensuring data protection and securities 24/7.

key benefit

Audit

Internal and third party audits ensure security policy and procedures are maintained and updated.

Certifications, standards and regulations

Phenom maintains the industry-standard certifications and compliances necessary to ensure the highest level of data security and privacy for our employees, customers, and partners.

ISO/IEC 27001:2013

Compliance with information security and risk management requirements

Learn More

ISO 27017

Compliance with the standard for implementing information security controls for cloud service providers and users to make a safer cloud-based environment and reduce the risk of security problems.

Learn More

ISO 27018

Compliance with the code of practice that protects personal data stored in the cloud and helps cloud service providers who process personally identifiable information to assess risk and implement controls for protecting PII data.

Learn More

ISO 27701:2019

Compliance with the standard to reduce the risk to privacy rights of individuals which outlines a framework for personally identifiable information controllers and PII processors to manage privacy controls to reduce the risk to the privacy rights of an individual.

Learn More

SOC 2 - SOC for Service Organizations

Type II report covering security and privacy of customer data

Learn More

UK Cyber Essentials Plus

UK government information security assurance scheme

Learn More

CSA (Cloud Security Alliance)

Membership to global organization that provides guidance on the adoption and secure use of cloud computing.

Learn More

Disaster Recovery (DR) & Business Continuity Plan (BCP)

Business continuity and disaster recovery processes and techniques used for the recovery of critical business processes, people, and IT systems in the event of a disaster.

Learn More

TRUSTe Privacy Verified Seal

Responsible data collection and processing practices consistent with regulatory expectations

Learn More

Privacy Shield

A framework for complying with EU General Data Protection Regulation (GDPR) requirements

Learn More

Application Security

Annual penetration testing done by third party, quarterly DAST, and SAST scanning. Plus, internal penetration testing done on the Phenom TXM platform.

Learn More

FSQS-NL

The FSQS-NL Registered Mark is valued by some of the largest purchasers in the financial sector and indicates that your organisation has gone through the process required to demonstrate its commitment and credentials to the industry.

Learn More

"The protection of our customer and employee data and information is of the utmost importance — a factor employers have come to expect from our AI-powered talent experience platform."

Dive into the details

If you’d like to review our security and compliance documents, along with certifications, you may request access below.