Safeguarding employee resume data with access roles and the audit log

In today's digital landscape, maintaining the privacy and security of employee resume (CV) data is paramount. These profiles contain an abundance of personal and professional details that organizations have a strict responsibility to protect. The good news is that with proper safeguards and protocols in place, companies can confidently leverage this data for bids and proposals while giving employees peace of mind that their data is being handled with the utmost care.

At Flowcase, making sure our customers’ data is private and secure is our highest priority. As a company, we address this in two parts:

Robust platform features. Through granular access roles and our Audit Log feature, we’re able to help our customers safeguard their data with ease.

Privacy-first approach. Through our SOC 2 and ISO 27001 certifications, as well as our strict GDPR compliance, we show that our company is serious about keeping our customers’ data safe and secure.

In this blog, we’re going to focus on the first part: our platform’s features. We’re going to discuss how permissions empower organizations to control who can view and use resume and project data and how our Audit Log can help alert firms in the unlikely event of platform misuse. 

How To Safely Manage Resume Data With Access Roles

Unlike traditional methods of resume management, such as shared drives, which typically offer an ‘all or nothing’ approach to privacy, Flowcase’s granular permissions provide more flexibility. Flexibility of course does not mean the rules bend; rather, it means that the platform can accommodate different users with different needs. Ultimately, this ensures users have access to all the data they require, without providing unnecessary access to the data they don’t.

The types of access roles and their use cases are listed below:

External users:
For third-party contractors or freelancers who need to update their resumes for a proposal. External users can log in using their private credentials and make edits to their own resumes without accessing any other employee's data. This ensures maximum privacy while still enabling firms to use external contractors in their proposal process.

Limited access users:
For employees who only need to access their own information but, in general, do not need access to other data. These users log in via a company email or SSO and can create and update their own resumes. They can create proposals and search across the Flowcase database to find users with particular skill-sets, but do not have the ability to view or download other resumes.* This level of control ensures that sensitive information remains confidential while still facilitating collaboration within the organization.
*Unless they have a Country or Department Manager role (discussed below).

Normal users:
For employees who play an active role in proposal development and require broader access to resumes, CVs and project data. These users assume all of the same rights as a Limited User, but in addition, they can also view, tailor, and download other people's resumes and CVs. This level of access ensures that team members can collaborate on bids and proposals in the most effective manner. This is the access type we typically recommend for most users.

Reference Project, Country and Department Managers (Optional):
These three access roles can be added to Limited Users and Normal Users as supplementary permissions. Reference Project Managers can view, edit, and download all reference projects and change project workflow statuses. Country Managers and Department Managers can view, edit, and download resumes, reference projects, and user reports from all users within their Country and/or Department. 

Admins:
For employees who have responsibility for implementing and maintaining Flowcase and its data. With access to all account settings (including assigning these permissions!) and the ability to edit all content within the system, Admins hold all control of their firm’s resume data. With the help of our customer success team, they ensure the platform is running smoothly, that it’s helping teams process more bids efficiently, and that all data is secure.

By utilizing the right blend of permissions, teams can strike the delicate balance between collaboration and privacy. 

How To Monitor Resume Actions with the Audit Log

While access roles are a preventative measure that stops certain users from accessing confidential information, the Audit Log can be used as a second line of defense to confirm that these measures are doing their job effectively.

The Audit Log provides admins with an overview of actions within their company’s Flowcase account. It tracks a range of activities, such as user logins, profile and project content changes, document downloads, searches performed, and more. While this information is useful for a range of reasons, such as monitoring platform uptake or tracking recent updates, it’s also incredibly helpful for data protection.

For example, the platform admin might periodically check the Audit Log to ensure no suspicious activity has taken place. They might filter on ‘Downloaded resumes’ to check whether any user has been bulk downloading resumes in a certain time period without legitimate reason. In the unlikely case where malicious activity is recorded, the firm can then follow the appropriate compliance protocols.
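The periodic check described above can be run over an exported log. The sketch below is an added example, not Flowcase code: the row layout (time, actor, action, target), the non-download action names, and the threshold and window values are assumptions made for illustration, and the sample rows are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample rows. The layout (time, actor, action, target) is an
# assumption for this example, not Flowcase's actual Audit Log export format.
SAMPLE_LOG = [
    ("2024-03-04T08:55:00", "bob", "User login", "-"),
    ("2024-03-04T09:00:00", "alice", "Downloaded resumes", "cv-101"),
    ("2024-03-04T09:05:00", "bob", "Search performed", "python"),
    ("2024-03-04T14:30:00", "alice", "Downloaded resumes", "cv-102"),
]
# bob: six different resumes within five minutes
SAMPLE_LOG += [(f"2024-03-04T09:1{i}:00", "bob", "Downloaded resumes", f"cv-20{i}")
               for i in range(6)]
# carol: the same resume downloaded six times within five minutes
SAMPLE_LOG += [(f"2024-03-04T10:0{i}:00", "carol", "Downloaded resumes", "cv-300")
               for i in range(6)]
# dave: five different resumes, one per hour
SAMPLE_LOG += [(f"2024-03-04T1{i}:00:00", "dave", "Downloaded resumes", f"cv-40{i}")
               for i in range(5)]


def bulk_downloaders(rows, threshold=5, window=timedelta(minutes=10),
                     action="Downloaded resumes"):
    """Return {actor: peak} for actors whose peak number of distinct resumes
    downloaded inside any sliding time window reaches the threshold."""
    per_actor = defaultdict(list)
    for ts, actor, act, target in rows:
        if act == action:  # same filter an admin would apply in the UI
            per_actor[actor].append((datetime.fromisoformat(ts), target))

    flagged = {}
    for actor, events in per_actor.items():
        events.sort()      # exports are not guaranteed to be time-ordered
        recent = deque()   # events still inside the window
        peak = 0
        for when, target in events:
            recent.append((when, target))
            while when - recent[0][0] > window:
                recent.popleft()
            # count distinct resumes so repeated downloads of one CV do not alert
            peak = max(peak, len({t for _, t in recent}))
        if peak >= threshold:
            flagged[actor] = peak
    return flagged


if __name__ == "__main__":
    print(bulk_downloaders(SAMPLE_LOG))
```

Counting distinct resumes per window, rather than raw download events, keeps a user who re-downloads one CV several times from triggering the same alert as a user pulling many different profiles.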

An additional benefit of the Audit Log is that it can also help your firm meet external security certifications, making you more attractive to prospective clients and/or talent.

Summary

Traditional ways of managing resumes, such as shared drives, go some way to safeguarding employee data. However, their lack of flexibility means employees may have too much or too little control. With a resume database that has granular permissions, teams can store their data with peace of mind knowing that only the people who need access can have it. Meanwhile, the Audit Log serves to pick up any noteworthy activity that slips through the cracks. Through these tools, Flowcase is able to prioritize user privacy while simultaneously facilitating collaboration.

If you’re interested in learning more about employee data security, we’ve created an in-depth guide that helps you navigate this topic. You can download it here or via the link below.
