Transform the talent experience securely with confidence
Over 500 global organizations trust Phenom to elevate the talent lifecycle — and protect their employee, company, and customer data. Learn more about our information security and compliance framework.
Our Security & Data Privacy Framework
Delivering personalized, remarkable talent experiences isn’t possible without data — and the security of our people, processes, and technology is of utmost importance to Phenom. Here’s a snapshot of how we ensure your information is secured and protected.
Policies and procedures are in place to ensure your data is kept secure and properly handled.
All Phenom employees receive annual training to maintain our security policies and procedures, in addition to role-specific training.
Monitor & Alert
Monitoring tools and a team of experts are notified of anomalies, ensuring data protection and security 24/7.
Internal and third party audits ensure security policy and procedures are maintained and updated.
Certifications, standards, and regulations
Phenom maintains the industry-standard certifications and compliances necessary to ensure the highest level of data security and privacy for our employees, customers, and partners.
Compliance with information security and risk management requirements.Learn More
Compliance with the standard for implementing information security controls for cloud service providers and users to make a safer cloud-based environment and reduce the risk of security problems.Learn More
Compliance with the code of practice that protects personal data stored in the cloud and helps cloud service providers who process personally identifiable information to assess risk and implement controls for protecting PII data.Learn More
Compliance with the standard to reduce the risk to privacy rights of individuals, which outlines a framework for personally identifiable information controllers and PII processors to manage privacy controls to reduce the risk to the privacy rights of an individual.Learn More
SOC 2 - SOC for Service Organizations
Type II report covering security and privacy of customer data.Learn More
UK Cyber Essentials Plus
UK government information security assurance scheme.Learn More
CSA (Cloud Security Alliance)
Membership to global organization that provides guidance on the adoption and secure use of cloud computing.Learn More
Disaster Recovery (DR) & Business Continuity Plan (BCP)
Business continuity and disaster recovery processes and techniques used for the recovery of critical business processes, people, and IT systems in the event of a disaster.Learn More
Annual penetration testing done by third party, quarterly DAST, and SAST scanning. Plus, internal penetration testing done on the Phenom platform.Learn More
The FSQS-NL Registered Mark is valued by some of the largest purchasers in the financial sector and indicates that your organisation has gone through the process required to demonstrate its commitment and credentials to the industry.Learn More
The General Data Protection Regulation (GDPR) creates and enforces data protection and privacy regulations in the European Union (EU).Learn More