Log in Contact
DATA SECURITY

Screening data, defended in depth

A background check holds some of the most sensitive data a person has. We secure it in layers: encrypted storage and transport, hardened infrastructure, continuous detection and strictly limited access. All of it is published, control by control, in our Trust Center.

Encrypted at rest and in transit A+ TLS rating (Qualys SSL Labs) ISO/IEC 27001:2022 certified

Security in layers

Six layers, all backed by controls you can review in the Trust Center.

Encryption everywhere

Data is encrypted at rest, company devices use full disk encryption and our TLS configuration is independently rated A+ by Qualys SSL Labs.

Hardened infrastructure

Workloads run in a virtual private cloud behind firewalls and traffic filtering, with anti-DDoS protection and cloud workload protection on top.

Detection and response

Security information and event management, intrusion detection, endpoint detection and response and continuous logging keep watch around the clock.

Strict access control

Data access is restricted to who genuinely needs it, protected by multi-factor authentication, password policies and monitored access.

Built to recover

Data backups, business continuity and disaster recovery plans, with a recovery time objective of 24 to 48 hours.

Secure development

A secure development lifecycle with code analysis, secure development training and a responsible disclosure process for researchers.

Independent security grades

Verify these yourself, the links run a live external scan.

Risk profile

Data access level Restricted
Impact level Substantial
Recovery time objective 24-48 hours

Security documentation

Key documents from our Trust Center portal. Public documents open directly; the rest are available on request.

Legal

Subprocessors

The latest version of our sub-processor list, kept up to date as our supply chain changes.

Open document
Compliance

ISO/IEC 27001 SoA

Request access
Documents

Internal Data Protection Policy

The Internal Dataprotection Policy sets out how PESCHECK processes the personal data that it holds (relating to clients, staff and third parties). It outlines PESCHECK's responsibilities under data protection legislation and regulation, setting out how it will comply, and provides instruction for staff handling personal data.

Request access

Security questions from your team?

Questionnaires, architecture questions or an under-NDA report, we are happy to support your security review.