Trust and Security Portal

Start your security review
View & download sensitive information
Search items
ControlK

Overview

Welcome to Checkr's Trust and Security Portal. Our commitment to security is embedded in every part of our business.

Please note that access to some of the Trust and Security Portal materials is shared only with a valid NDA that can be signed by this link. Feel free to reach out to your account manager or submit a customer support request for any questions.

Compliance & Frameworks

CCPA Logo
CCPA
CPRA Logo
CPRA
GDPR Logo
GDPR
ISO 27001 Logo
ISO 27001
PIPEDA Logo
PIPEDA
Privacy Shield Logo
Privacy Shield
SOC 2 Logo
SOC 2
SOC 3 Logo
SOC 3
Start your security review
View & download sensitive information

Security and Compliance Documents

Checkr Group ISO 27001 Certificate
Checkr Group SOC 2 Type 2
Checkr Group SOC 3 Report
Checkr Security Whitepaper
Pentest Report - Web App/API
Checkr Group ISO 27001 Report
Checkr Group ISO 27001 SoA

Product Security

Audit Logging
Integrations
Multi-Factor Authentication
View more

Reports

Checkr Group ISO 27001 Certificate
Checkr Group SOC 2 Type 2
Checkr Group SOC 3 Report
View more

Data Security

Access Monitoring
Backups Enabled
Encryption-at-rest
View more

App Security

Responsible Disclosure
Code Analysis
Secure Development Training
View more

Data Privacy

Cookies
Data Breach Notifications
Data Into System
View more

Access Control

Data Access
Logging
Password Security

Infrastructure

Anti-DDoS
BC/DR
View more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Endpoint Device Management
View more

Network Security

Centralized Logging
Firewall
Intrusion Detection
View more

Corporate Security

Asset Management Practices
Email Security
Employee Training
View more

Policy & Standards

Access Control Policy
Business Continuity and Disaster Recovery Plan
Change Management Policy
View more

Security Grades

HSTS Preload List
checkr.com
api.checkr.com
dashboard.checkr.com
Qualys SSL Labs
checkr.com
A+
api.checkr.com
A+
dashboard.checkr.com
A+
Security Headers
checkr.com
A+

Trust Center Updates

Security Notice Regarding Okta Security Incident

IncidentsCopy link

Okta has provided an update on their October 20th security incident, indicating that it impacted all non-federal customers. In collaboration with Okta, Checkr's security team obtained a copy of the information likely disclosed to their threat actor and assessed that there is no impact to Checkr customers and very little additional risk to Checkr's internal systems. Okta's update can be found at the following location https://sec.okta.com/harfiles

Published at N/A

Checkr has confirmed with Okta that we are not impacted by their recent security incident. However, we keep monitoring our relationships with third parties in the event there may be down-stream impacts, and we will respond accordingly.

Published at N/A

New SOC2 Type II report and ISO 27001 certificate have been published

ComplianceCopy link

We published a new SOC2 Type II report at the Trust & Security portal. The report covers period 7/1/22-6/30/23 and includes the following products of Checkr Group: Checkr, Checkr Pay, Goodhire. We also published an ISO 27001 certificate and related documents.

Note, access to SOC2 and other private documents is granted with a valid non-disclosure agreement between us. Please reach out to your account manager or submit a customer support request at https://help.checkr.com/hc/en-us/requests/new if there is no NDA between our organizations or if you are unsure. Please also use these contacts for additional questions about security controls.

-Checkr Trust & Security Team

Published at N/A

Security Notice Regarding the MOVEit Vulnerability

VulnerabilitiesCopy link

Currently, Checkr is unaware of any impact of the MOVEit vulnerability on our products or services. Checkr does not utilize the affected software within our operations. We are not aware of any impacted subcontractors or suppliers that could affect Checkr services.

-Checkr Trust & Security Team

Published at N/A*

Security Notice Regarding the Log4j Java library

GeneralCopy link

Checkr's background check products do not leverage the log4j library and therefore are not vulnerable to CVE-2021-44832. However, we did assess third-party processors to asses any possible impact, and none was identified. Additionally, we updated our web application firewalls to block attempts by external actors to exploit this vulnerability.

-Checkr Trust & Security Team

Published at N/A*

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo