Trust and Security Portal

Start your security review
View & download sensitive information
Search items
ControlK

Overview

Welcome to Checkr Pay's Trust and Security Portal. Our commitment to security is embedded in every part of our business.

Please note that access to some of the Trust and Security Portal materials is shared only with a valid NDA that can be signed by this link. Feel free to contact your account manager or submit a customer support request for any questions.

Compliance & Frameworks

Start your security review
View & download sensitive information

Security and Compliance Documents

Trust Center Updates

Security Notice Regarding Okta Security Incident

IncidentsCopy link

Okta has provided an update on their October 20th security incident, indicating that it impacted all non-federal customers. In collaboration with Okta, Checkr's security team obtained a copy of the information likely disclosed to their threat actor and assessed that there is no impact to Checkr customers and very little additional risk to Checkr's internal systems. Okta's update can be found at the following location https://sec.okta.com/harfiles

Published at N/A

Checkr has confirmed with Okta that we are not impacted by their recent security incident. However, we keep monitoring our relationships with third parties in the event there may be down-stream impacts, and we will respond accordingly.

Published at N/A

New SOC2 Type II report and ISO 27001 certificate have been published

ComplianceCopy link

We published a new SOC2 Type II report at the Trust & Security portal. The report covers period 7/1/22-6/30/23 and includes the following products of Checkr Group: Checkr, Checkr Pay, Goodhire. We also published an ISO 27001 certificate and related documents.

Note, access to SOC2 and other private documents is granted with a valid non-disclosure agreement between us. Please reach out to your account manager or submit a customer support request at https://help.checkr.com/hc/en-us/requests/new if there is no NDA between our organizations or if you are unsure. Please also use these contacts for additional questions about security controls.

-Checkr Trust & Security Team

Published at N/A

Security Notice Regarding the MOVEit Vulnerability

VulnerabilitiesCopy link

Currently, Checkr is unaware of any impact of the MOVEit vulnerability on our products or services. Checkr does not utilize the affected software within our operations. We are not aware of any impacted subcontractors or suppliers that could affect Checkr services.

-Checkr Trust & Security Team

Published at N/A*

Security Notice Regarding the Log4j Java library

GeneralCopy link

Checkr's background check products do not leverage the log4j library and therefore are not vulnerable to CVE-2021-44832. However, we did assess third-party processors to asses any possible impact, and none was identified. Additionally, we updated our web application firewalls to block attempts by external actors to exploit this vulnerability.

-Checkr Trust & Security Team

Published at N/A*

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo