Pro5 Trust Center

Welcome to the Pro5 Trust Center.
Our commitment to data privacy and security is embedded in every part of our business. Use this page to learn about our security posture and request full access to our security documentation.

Product Security

Application

Pro5 runs on highly secure, scalable infrastructure on the cloud. Security is a key feature of our technology stack, from the infrastructure up to the application.

Our proprietary software goes through regular security assessments & config audits.

Pen Testing

Our infrastructure undergoes regular penetration testing to ensure that potential vulnerabilities are identified and addressed swiftly.

Please reach out to us for access to our latest Pen Test report.

Security Reviews

An external team of security experts performs regular security audits to ensure our users' data remains protected and in compliance with industry standards.

Our comprehensive audit logging across the stack allows for full transparency into all activities on the platform. Please reach out to us for access to our latest Security reports.

Audit Logging

The Pro5 Platform offers comprehensive Audit Trails for events and changes that take place across the different layers of the Tech Stack. This allows us to validate all user and system activities, and trace back all changes made within the application.

The Audit Trail includes a detailed description of the action, resource affected, and a timestamp.

Role-Based Access Control

RBAC has been implemented throughout the Pro5 platform, including custom roles which can be used to control permissions for Users, User Groups, or Service Accounts.

Please reach out to us for access to our Roles and Permissions Matrix.

Infrastructure

The Pro5 platform is hosted on a dedicated server environment, providing enhanced security, performance, and control compared to shared hosting.

Our dedicated infrastructure isolates your data and workloads from other environments, ensuring heightened privacy and reduced security risks. Our infrastructure is designed with RAS (Reliability, Availability, Scalability) as a key focus of the platform. This setup ensures that the Pro5 platform remains resilient with minimal downtime, even under high load or during routine maintenance.

Please reach out to us for access to our BCDR (Business Continuity & Disaster Recovery) plan.

Integrations

The Pro5 platform integrates only with highly reputable 3rd party repositories and providers. We call connections to cloud platforms "Cloud Providers" and connections to other platforms "Connectors".

Please reach out to us for a full list of Connectors.

Product Development

Our Secure Software Development Life Cycle (SSDLC) integrates security practices into each stage of the development process, including the requirements, design, implementation, and testing.

Please reach out to us for an overview of our SDLC process.

Version Control

Our platform integrates version control systems within the application, providing a clear audit trail of changes and updates to ensure transparency and traceability during the development lifecycle.

Changes

Our secure Change Management process ensures that changes occur in a controlled and secure manner, from definitions to execution. The process is continuously monitored and improved, and stakeholders are educated about the importance of security in the change management process.

Please reach out to us for an overview of our Change Management process.

Incidents

We have a clear Security Incident plan in place for identifying, assessing, and responding to incidents. After every incident, we document key takeaways and learnings to help improve the process and prevent similar incidents in the future.

Please reach out to us for an overview of our Incident Management process.

Data Security

Personal Data Protection Act Compliance

The Personal Data Protection Act (PDPA) provides a baseline standard of protection for personal data in Singapore. Pro5 applies controls on our infrastructure, application and data policies to ensure compliance with the PDPA requirements.

For information regarding the deletion of personal data please see Data Privacy.

Classification

We take our users’ data seriously. Our data classification ensures that data remains within defined trust boundaries.

In the event of a data breach, no user data will be impacted.

Please reach out to us for access to our Data Classification policy.

Backups

We perform point-in-time backups of critical systems and data stored in our environment, taking snapshots of every change, and allowing us to restore to an exact point in time in case something goes wrong.

Backups are encrypted, and access to data stores is restricted by the principle of least privilege.

Data Erasure

User data is deleted automatically after a user's account is marked as expired.

For information regarding the deletion of personal data please see Data Privacy.

Encryption-at-rest

Data stored in the Pro5 Platform is safeguarded using state-of-the-art encryption, applying the AES-256 encryption algorithm (or stronger).

This ensures that the data is protected against unauthorized access, providing a high level of security and privacy for users and their information. It also helps in maintaining the integrity of the data, even in the event of a potential security breach.

Encryption-in-transit

Data submitted to Pro5 is encrypted with TLS 1.2 (or stronger) over the public internet.

This ensures that the data transmission between the user and the Pro5 platform is secure, reducing the risk of data interception or manipulation by unauthorized parties.

Physical Security

Physical security of our infrastructure is managed by AWS and Azure.

Please see the general security overview for AWS and for Azure for more details.

Network Security

Email Security

The Pro5 domain utilizes DMARC, DKIM and SPF to reduce the risk of email spoofing attacks.

Firewall

Pro5 utilizes the native firewall capabilities of our cloud service providers to protect our infrastructure, as well as a customized WAF (Web Application Firewall) through Cloudflare, with enhanced firewall configurations.

DDoS Protection

Pro5 secures its platform using Cloudflare, ensuring advanced DDoS (Distributed Denial of Service) protection, safeguarding the platform against attacks designed to disrupt service availability.

Virtual Private Cloud

Pro5 uses VPCs within our cloud infrastructure.

Wireless Security

Office wireless networks are secured using strong encryption and segregated from the production network.

Corporate Security

SSO

Pro5's corporate SSO (Single Sign-On) provides strong authentication and authorization for access to internal systems. Role-based access is granted using the principle of least privilege and permissions are reviewed regularly.

Logging

Important activities in our cloud infrastructure are logged and retained appropriately to assist us with investigations in the event of an incident.

Password Security

Employees are required to set strong passwords, use 2FA, and use a secure password manager to store company credentials.

Fairness

No Human Bias

Our processes exclude human subjectivity and unconscious bias through automation, standardization, and anonymization.

This ultimately leads to significantly fairer decision making than traditional manual methods.

No AI Bias

At Pro5, our AI is continuously trained and tested with extensive unbiased data, unbiased classification, unbiased samples, unbiased labels, and algorithms that are refined whenever biases are detected.

We explicitly exclude information such as gender, age, race, marital status, socioeconomic status, and other potentially bias-inducing factors from our assessments.

Traditional methods often rely on CV keyword filtering, which offers limited understanding of the context and can be easily manipulated. In contrast, Pro5 ensures fairness by objectively focusing on the candidates’ real-world capabilities.

Moreover, we always have a human in the middle of the process to ensure that our AI’s decisions are validated, providing an additional layer of fairness and accuracy.

Global Regulatory Compliance & Security Standards

PDPA

Data Protection & Privacy:
We comply with Singapore’s Personal Data Protection Act (PDPA) by maintaining robust policies and controls to safeguard personal data.

Dedicated Oversight:
Our Data Protection Officer (DPO) oversees data handling practices, ensuring regular training, Data Protection Impact Assessments (DPIAs), and internal audits are conducted.

Transparency:
Our privacy policies clearly outline data collection, usage, retention, and subject access rights in accordance with PDPA requirements.

CPRA

Enhanced Consumer Rights:
We provide clear and accessible mechanisms for consumers to exercise their rights—such as access, deletion, and opting out of data sales—through our enhanced privacy notices and user interfaces.

Vendor Oversight:
We ensure that our third-party partners meet CPRA standards through rigorous vendor management and contractual obligations.

Ongoing Risk Assessments:
Regular privacy impact assessments and process reviews ensure our data practices remain aligned with CPRA requirements.

GDPR & GDPR UK

Comprehensive Data Management:
Our systems maintain a detailed record of data processing activities, supported by documented legal bases (e.g., consent or contractual necessity) for all processing operations.

Data Subject Rights:
We have implemented robust procedures to handle data subject requests—covering access, rectification, deletion, and portability—in compliance with both GDPR and UK GDPR.

International Transfers:
EU and UK data transfers are safeguarded through the incorporation of Standard Contractual Clauses (SCCs) and, where applicable, Binding Corporate Rules (BCRs).

Impact Assessments & Oversight:
Regular Data Protection Impact Assessments (DPIAs) are conducted to evaluate high-risk processing activities, ensuring continuous compliance.

nFADP

Swiss Data Protection:
In line with Switzerland’s Federal Act on Data Protection (nFADP), we implement strict data minimization and robust security measures to protect personal data.

Regular Audits:
Periodic internal and external audits ensure that our privacy controls and data management processes meet or exceed nFADP standards.

Risk Management:
Our risk assessment processes are tailored to address Swiss-specific regulatory expectations, providing assurance to our Swiss clients and partners.

NIST Cybersecurity Framework

Risk-Based Approach:
Our cybersecurity program is mapped to the five core functions of the NIST Framework: Identify, Protect, Detect, Respond, and Recover.

Continuous Monitoring & Improvement:
We conduct regular risk assessments, threat modeling, and control validations, ensuring that our defenses evolve with the changing threat landscape.

Incident Response & Recovery:
A formalized, tested incident response plan (including government notification procedures) ensures swift containment, investigation, and recovery from any cybersecurity incidents.

CSA STAR

Third-Party Validation:
We participate in the Cloud Security Alliance’s STAR program, undergoing independent audits and assessments to validate our security controls and risk management practices.

Transparency & Accountability:
Our commitment to continuous improvement is reinforced through detailed risk management documentation, audit trails, and regular reporting on our security posture.

Trust & Assurance:
By aligning our practices with STAR requirements, we provide our customers with enhanced assurance that their data is managed securely and responsibly.

Request Document Access

Documents and Reports

Anti-spoofing
BCDR
Change Mgmt.
Cloud Providers
Connectors
Data Classification
DPAs
Data Protection
Data Retention
Response Plan
Incidents
Network Security
Pen Test Reports
Physical Security
Privacy
Roles & Permissions
Security Reports
SDLC
T&Cs
User Rights
Vendor Risk Mgmt.
Compliance Mgmt.

Pro5 Vulnerability Disclosure Program

At Pro5, security is a top priority. We believe that engaging directly with the security community helps us improve our platform and better protect our users.

Your help is vital in maintaining a secure environment for all our users. If you believe you have discovered a security vulnerability on or within any Pro5 service, we encourage you to report it to us immediately.