Security and Compliance

As part of Yello’s commitment to data security and compliance, Yello has successfully completed a Service Organizations Controls (SOC) 2 Type 2 Examination Audit and is now certified. Achieving SOC 2 certification reinforces Yello’s promise to maintain the most stringent controls for protecting and securing confidential customer information.

Yello is committed to operating in a manner compliant with ISO 27001, NIST 800-53, and the GDPR, in order to operate in accordance with information security best practices and to protect client data in Yello’s care.  

Yello applications are hosted in SOC2 Type2 compliant facilities located and operated in the United States or EU.

Yello employs a dedicated, certified security team to ensure secure operations through 24/7 monitoring of people, processes and technology. Examples include, but are not limited to:

• Vulnerability scanning
• Penetration testing
• Secure coding practices
• Threat modeling
• Risk assessments
• Anti-virus scanning
• Software patching

Yello follows industry best standards in regards to encryption. Data in transit and at rest is secured using strong encryption methods (TLS 1.2/AES-256) to ensure data confidentiality and integrity.

Data is securely backed up to a secondary location and is available for disaster recovery purposes. Testing of disaster recovery plans occurs annually.

Yello integrates with SSO services that support SAML2.0

Yello offers staff permissions, private fields, reporting and more to support EEOC, Section 503 and data privacy regulations. Yello also integrates with federal job boards and OPM-mandated tools, supporting federal hiring regulations.