Ad hoc export of candidates and their data

How to manage export of candidates’ data from Teamio.

There are two ways to export candidates’ data.

Manual Export

For those of you who do not work intensively with candidates in your talent pools in Teamio, it makes sense to copy and download the CVs of chosen candidates only. This can be done easily, directly in Teamio. Simply go to the Cards of the chosen candidates, download any attached documents and copy any data available, including contacts, internal notes and history of communication. Please remember to copy the last Consent submitted by each candidate; it is in the activity history of each candidate.

Manual export makes sense if you want to export only a couple of dozen “candidates”, up to 2000.

Automatic export

If you need to export hundreds of CVs and other data of your candidates, follow these steps.

Important: Please bear in mind that only candidates with valid Consent can be exported.

Sample data for testing

First of all, let the technical person who will be responsible for importing the data into your new recruitment application go through the sample of exported files below.

Download candidates’ export example

The zipped folder contains:

  • Folder “att” with all CVs and other documents that candidates attached while applying for positions. Each binary file has a unique id that is linked to a unique candidate.
  • File “candidates_attachments.csv” enables you to connect the candidates with their CVs and other documents they attached.
  • File “candidates_data.csv” gives identification of candidates together with their unique ID (names, surnames, e-mails, phone numbers and internal notes).
  • File “candidates_history.csv”.

Note: “.csv” files are encoded in UTF-8. They can be easily opened in Open/Libre Office. Before opening in Excel the charset should be changed to Windows-1250.
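
An added example, not part of the Teamio export or its documentation: a Python check that the person handling the import can run on the unzipped sample to confirm that every row in candidates_attachments.csv points to a known candidate and to a file that stays inside att, and to write a Windows-1250 copy of a CSV file for Excel. The column names candidate_id and attachment_id, the comma delimiter and the sample rows are assumptions; take the real ones from the header of the exported files.

```python
import csv
from pathlib import Path

# Assumptions: column names and delimiter are hypothetical; read them from the real header.
ID_COL, FILE_COL, DELIM = "candidate_id", "attachment_id", ","

def read_rows(path):  # the export is UTF-8; "utf-8-sig" also tolerates a leading BOM
    with open(path, newline="", encoding="utf-8-sig") as fh:
        return list(csv.DictReader(fh, delimiter=DELIM))

def check_export(root):
    """Cross-check both CSV files against the att folder and return the findings."""
    root = Path(root)
    att = (root / "att").resolve()
    known = {row[ID_COL] for row in read_rows(root / "candidates_data.csv")}
    found = {"unknown_candidate": [], "unsafe_name": [], "missing_file": []}
    referenced = set()
    for row in read_rows(root / "candidates_attachments.csv"):
        name = row[FILE_COL]
        if row[ID_COL] not in known:
            found["unknown_candidate"].append(name)
        target = (att / name).resolve()
        if target.parent != att:  # "../x", "a/b", absolute or empty names leave att
            found["unsafe_name"].append(name)
            continue
        referenced.add(target.name)
        if not target.is_file():
            found["missing_file"].append(name)
    on_disk = {p.name for p in att.iterdir() if p.is_file()}
    found["orphan_file"] = sorted(on_disk - referenced)  # files no CSV row points to
    return found

def to_excel_copy(src, dst):
    """Write a Windows-1250 copy for Excel; unmappable characters become '?'."""
    with open(src, newline="", encoding="utf-8-sig") as fin, \
         open(dst, "w", newline="", encoding="cp1250", errors="replace") as fout:
        fout.write(fin.read())

def build_sample(root):
    """Constructed sample export (not real Teamio data) for trying the checks."""
    root = Path(root)
    (root / "att").mkdir(parents=True)
    (root / "att" / "1001").write_bytes(b"%PDF-1.4 constructed")
    (root / "att" / "9999").write_bytes(b"orphan")
    (root / "candidates_data.csv").write_text(
        "candidate_id,name,surname\n1,Jiří,Dvořák\n2,Petr,Novák\n", encoding="utf-8")
    (root / "candidates_attachments.csv").write_text(
        "candidate_id,attachment_id\n1,1001\n2,1002\n3,../1001\n", encoding="utf-8")
    return root
```

Any non-empty list in the result of check_export is worth resolving before the import; a name reported under unsafe_name should never be used to build a file path.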

 

Secure transfer of data

The final zipped folder with the data will be encrypted using 7-Zip (download the file archiver here: http://www.7-zip.org). The password for opening the folder will be shared via SMS. Data can be shared via Google Drive, Dropbox, Myairbridge.com or any other similar online service for data sharing.

The recommended way of sharing the data requires the client to prepare SFTP (optionally SCP or at least FTPS) on their side.

FAQ

Certification / Audit Reports

Could you please provide:

  • ISO/IEC 27001:2013, including the scope of the certification and the Statement of Applicability (SoA) for your organization / your application / your Data Center
  • Service Organization Control 2 (SOC2) type II report for your application / your Data Center

If not available: is there any external 3rd party audit report available to provide evidence of the effectiveness of implemented security measures and processes?

Currently, ALMA Media group (which LMC is a part of) has no immediate plans to conduct an ISMS certification process, so LMC can’t provide proof of ISMS status issued by an authorized certification body. Internally, LMC handles its security management processes according to ISO 27001, so the SoA declaration is available.

Encryption Data-at-Rest

Could you please describe how you are protecting the Siemens data-at-rest (e.g. is the database encrypted, certain sensitive data in the database, hard drive only, …)?

Dedicated data storage (RAID 5) is located at physically protected data centers (cloud providers). Hardware replacements (individual HDDs) are done by the provider; HDD data (although the data on a single RAID disk is meaningless by itself) is made unusable (secure wipe, mechanical damage, etc., depending on the situation) before the disk leaves the premises. Encryption of the database or a part of it makes no sense for the requested mode of operation. The CIS data center is certified TIER III, OpenX, ANSI / TIA 942.

Encryption Data-in-Transfer

Which secure protocols are you supporting to transfer data from/to your solution? If TLS is used: is ONLY TLS 1.2 or higher enforced?

HTTPS/TLS 1.2, in rare cases TLS 1.1. All traffic to/from Teamio is directed via Flowguard, a DoS protection solution: https://flowguard.io/ochrana-webu/.

TLS 1.2 is fully supported by us, so there is nothing to prevent clients who want to use the newer version of the protocol from doing so. We have TLS 1.1 enabled to support older browsers or older versions of PHP, both on the Teamio user interface and on the export / import interface. As soon as clients leave TLS 1.1, we are ready to turn off protocol version 1.1, I assume in Q3 / 2021 at the latest.

Machine Authentication 

When connecting your servers with customer servers: how is the machine-machine authentication implemented? E.g. using certificates or simple username/passwords?

Communication is over HTTPS; server certificates issued by DigiCert Inc. are used. For user authentication, username/password authentication is used. Users can change their passwords on demand.

User Authentication

How are Teamio administrators accessing the solution? Via Jump Host/Admin Gate/Citrix? Using 2-Factor-Authentication or simple Username/Password authentication?

LMC administrator access is limited to the people really needed to maintain the application. All access is audited; user/password over HTTPS is used (no Citrix). The password policy is described in detail here: https://www.teamio.com/en/security/#tech-specs-security

Is it possible to implement 2-Factor Authentication also for Siemens users (e.g. connecting the Siemens Identity Provider MyID via SAML 2.0)?

2-factor authentication is not supported by Teamio. Teamio sources are under the control of LMC; new features are implemented based on market requirements.

Logging/Monitoring

Are security relevant events on infrastructure and application level logged, securely stored and analysed in an automated / timely manner?

All security relevant events are logged and stored, but not regularly analyzed at the moment.

Backup/Restore

How often are backups done? Are they also encrypted? What are the agreed RPO/ RTO times?

We make backups every 4 hours as snapshots, and databases are backed up continuously. Backups are not encrypted. Only a limited number of persons have access; backups are stored in safe locations.

Incident Management

How and when will Siemens be informed if an incident happens on Teamio side?

Incidents causing service degradation are reported to all customers via info pages. GDPR violations are supposed to be reported to the GDPR protection officer, according to the law in force. There is no special reporting set up towards individual customers.

Patch Management

How often are the servers patched? Is there an emergency patch process in place?

Servers which are reachable directly from the internet are patched once a month. In case of a known vulnerability, they are patched immediately. We don’t have any emergency process because we are able to react quickly enough.

Penetration Test

Are external PEN tests conducted on a regular basis? If so: can you provide at least a management summary of the latest PEN Test results?

Yes, we perform penetration tests using the CVSSv3 Base Metric Group (BMG), usually once per year. Vulnerabilities found were fixed immediately.

Data Separation

How is Siemens sensitive data separated from other customer data? Virtually, physically, …?

Data of all customers are stored in the LMC private cloud. As we have over 90k company registrations, it is technically impossible to separate each customer’s data. On the logical/application level, every access to customers’ data is authenticated and each registration’s data is strictly separated. We run massive automated tests on an everyday basis to assure the quality of our software solution.