Does Develop Diverse conduct penetration testing of its network, infrastructure, and services?
Penetration testing is conducted to measure the security posture of Develop Diverse Services and Infrastructure. Develop Diverse has an external penetration test performed at least once per year.
The objective of those penetration tests is to identify design or functionality issues in Develop Diverse services that could expose Data or Customers to risks from malicious activities.
Data Sharing and Role-Based Access Control
A Develop Diverse account administrator manages and controls individual user rights by granting specific types of user roles. Details about user roles, collaboration mode and authorization in Develop Diverse are documented in our Support Hub.
Customer data, such as job ads and templates, can only be accessed by other users within your Develop Diverse account if those items were specifically shared with them, or if the account's collaboration mode allows it.
Is data encrypted at rest?
Is data encrypted in transit?
Where is data stored?
A listing of incidents that could have impacted Develop Diverse customers is located here: https://status.developdiverse.com/
Incident reporting is handled as part of our incident management process, whereby incidents impacting customers are reported to the respective customers.
For privacy-specific incidents, the process is governed by the DPA; customers and authorities are informed as required by the law.
Develop Diverse supports just-in-time user-provisioning and SSO onboarding against Microsoft Entra ID (OpenID Connect) and SAML2.
Mandatory general security training is provided at onboarding to all employees and contractors. Mandatory training on a specific security topic is also provided annually.
All employees undergo a background check prior to employment.
Develop Diverse operates by the principle of least privilege, hence only a limited set of employees have access to our datacenter. There are strict security policies for employee access, all events are logged and monitored, and data are strictly regulated. Access to production requires a series of strong authentication measures, such as multi-factor authentication, a one-time password, and a personal certificate.
Develop Diverse’s service data is hosted in Microsoft Azure data centers. MS Azure adheres to security controls for ISO 27001, ISO 27018, SOC 1, SOC 2, SOC 3, FedRAMP, HITRUST, MTCS, IRAP, and ENS. Please refer to this link for more details.
The data center’s physical infrastructure is operated by Azure and we rely on their data center security controls.
Develop Diverse maintains a physical and environmental policy for its office to ensure the security and integrity of Develop Diverse’s facilities and the assets located within.
The Develop Diverse office has industry-standard physical security protection with secure access, burglary alarm, etc.
Further, visitors to secure areas are required to sign in and out with arrival and departure times, are required to wear an identification badge, and are always escorted while in secure areas.
Develop Diverse utilizes AI in various aspects of the product, such as our inclusive writing capabilities.
Develop Diverse does not use customer data to train its internal LLMs/ML models.
Only Develop Diverse and Microsoft Azure are involved in the processing, with no additional third parties included.
The security of Azure OpenAI is primarily managed by Microsoft, which implements a range of security measures to protect customer data. These include data encryption both in transit and at rest, and strong access controls through Azure Active Directory.
Yes, the EU AI Act is applicable to all providers and users of AI systems within the EU.
Develop Diverse’s AI features can be classified in the “Limited Risk” category established by the EU AI Act, meaning that they will be subject to minimal transparency obligations to end users. Develop Diverse will continue to monitor its compliance obligations under the EU AI Act and make adjustments when necessary.
Develop Diverse uses two categories of AI technology: off-the-shelf, public generative AI models (e.g., GPT) and our own proprietary models known as “Develop Diverse AI.”
These kinds of AI models are integrated into Develop Diverse to perform tasks such as generating content based on our prompts. We may have a unique approach for how we apply these AI models, but this type is not based on any AI model proprietary to Develop Diverse.
This category refers to our own proprietary approach to developing AI models through multiple learning techniques, including deep learning. Develop Diverse AI leverages our unique data, such as extensive bias research data, language structure and culture research data, to complete specific and more complex tasks, such as highlighting a bias phrase and suggesting alternatives. Each feature supported by Develop Diverse AI involves training a new model to perform a specific task.
Our intention going forward is to use both off-the-shelf models and Develop Diverse AI depending on the specific customer problem we are solving.
User profile information, such as name, email address and job title, which can be read from customer ADs.
System information such as IP address and usage behavior as users navigate through the services.
Develop Diverse is mainly used for job advertisements and employer branding content, which is mostly publicly available content.
Develop Diverse primarily processes data of customer employees who are users of the services.
Develop Diverse restricts access to customer data and content to its employees who require it in connection with their roles and based on the principle of least privilege.
Please refer to this page for more information
Yes, we perform an annual security assessment of our data sub-processors to ensure appropriate security posture.
The annual security assessment of our sub-processors consists of reviewing and validating the security artifacts of each sub-processor (audit reports, certifications, penetration test reports, etc.). If risks are observed during the assessment, they are evaluated and documented on the organization’s risk register to ensure a risk treatment plan is applied to reduce the third-party risk.
Copyright © 2024 Develop Diverse.
All rights reserved