Security and Compliance
Keeping your data safe is a top priority at Yello.
Yello is committed to ensuring the highest level of security to safeguard client information. Using a combination of technology, best practices and company-wide policies, Yello fosters a culture of security to protect your data. Our team works with clients to understand compliance requirements and meet unique security needs.
As part of Yello’s commitment to data security and compliance, Yello has successfully completed a Service Organization Controls (SOC) 2 Type 2 Examination Audit and is now certified. Achieving SOC 2 certification reinforces Yello’s promise to maintain the most stringent controls for protecting and securing confidential customer information.
Yello is committed to operating in a manner compliant with ISO 27001, NIST 800-53, and the GDPR, in order to operate in accordance with information security best practices and to protect client data in Yello’s care.
Yello applications are hosted in SOC 2 Type 2 compliant facilities located and operated in the United States or EU.
Yello employs a dedicated, certified security team to ensure secure operations through 24/7 monitoring of people, processes and technology. Examples include, but are not limited to:
- Vulnerability scanning
- Penetration testing
- Secure coding practices
- Threat modeling
- Risk assessments
- Anti-virus scanning
- Software patching
Yello follows industry best practices for encryption. Data in transit and at rest is secured using strong encryption methods (TLS 1.2/AES-256) to ensure data confidentiality and integrity.
Data is securely backed up to a secondary location and is available for disaster recovery purposes. Testing of disaster recovery plans occurs annually.
Yello integrates with SSO services that support SAML 2.0.
Yello offers staff permissions, private fields, reporting and more to support EEOC, Section 503 and data privacy regulations. Yello also integrates with federal job boards and OPM-mandated tools, supporting federal hiring regulations.
At Yello, we prioritize the security of our data, systems and users. The Yello Vulnerability Disclosure Program (“VDP”) establishes the following conditions in order to protect the data of Yello and our customers.
If you discover a security vulnerability while using our websites, we encourage you to report it via email at vdp@yello.co. Provide detailed information, including steps to reproduce the issue and its potential impact. Your report will be promptly acknowledged and verified. Once confirmed, the issue will be passed to our development teams for resolution based on its severity. Any exfiltration or downloading of Yello data, disclosure of confidential information, or disruption of our customers’ experience is outside the scope of this program and not protected from legal action. Demanding payment for deleting Yello data will be treated as a threat, not as participation in our program.