2. Data classification and management

Effective data classification and management are critical to ensuring the security and privacy of sensitive information. VISKO HR employs automated processes and robust privacy controls to manage data efficiently and securely.

Data Segregation

• Automated Processes: We utilize advanced algorithms and machine learning models to classify data automatically, such as internships and job listings. This ensures proper organization, reducing the risk of misclassification and unauthorized access.

• System Efficiency: Our automated data segregation enhances system efficiency, enabling recruiters and job seekers to find relevant information in seconds. It reduces manual errors and improves the overall user experience.

• Security Controls: Each data category has specific security controls tailored to its sensitivity and usage. For example, job-related data may have different access restrictions than internship-related data, ensuring every type of information is protected according to its risk profile.

Data Privacy

• User Control: Users have full control over their personal information, with the ability to update, modify, or delete their data. They can also choose to hide their mobile numbers for enhanced privacy.

• Privacy Seekings: Our platform ensures that privacy settings are easily accessible and configurable. Users are informed about the implications of their choices, particularly regarding contact information visibility.

• Data Anonymizanon: We have implemented data anonymization techniques to protect user identities, especially for analytical purposes. It reduces the risk of personal data exposure or misuse.

3. Sharing your information

Strong user authentication and access control mechanisms are essential to maintaining the integrity and confidentiality of Remark’s information systems.

User Registration

• License Agreement: Users need to read and agree to a comprehensive license agreement before registering on Remark’s mobile and web applications. The agreement outlines the terms of service, privacy policies, and user responsibilities.

• Verification: To ensure the accuracy of user-provided information, we implement a verification process that may include email verification, phone number verification, and CAPTCHA to prevent automated sign-ups.

Access Control

• Role-Based Access Control (RBAC): We have implemented RBAC to ensure users can access only the data and functions necessary for their roles. It minimizes the risk of unauthorized access and potential data breaches.

• Access Levels: Our platform defines different access levels for various user roles, including recruiters, job seekers, AI developers, and administrators. We regularly review and update access permissions to reflect changes in roles and responsibilities.

• Audit Trails: We also maintain detailed audit trails of access and actions performed within the system. It helps us monitor user activities and detect unauthorized access or suspicious behaviour.

4. User authentication and access control

Remark leverages AI to enhance its services, from acting as a freelance assistant to assisting in job description creation. We prioritize the secure integration and management of AI systems to ensure reliability and user safety.

Freelance AI Integration

• Secure Integration: We have implemented secure protocols for integrating AI systems that act as freelancers. It includes ensuring that AI models are securely trained and deployed, with regular security assessments to identify and mitigate vulnerabilities.

Regular Updates: Our AI systems receive frequent updates with the latest security patches and improvements. Continuous retraining enhances accuracy and helps AI adapt to emerging threats.

Monitoring and Evaluation: Our AI systems receive frequent updates with the latest security patches and improvements. Continuous retraining enhances accuracy and helps AI adapt to emerging threats.

AI Job Description Creation

• Data Integrity: AI-generated job descriptions are validated to maintain accuracy and compliance with quality standards. It ensures that the information provided is reliable and useful.

• Privacy Protection: We have implemented strict privacy measures to protect user data. Personal information is anonymized, and AI operations comply with data protection regulations to safeguard user confidentiality.

• Ethical AI Use: Our AI systems adhere to ethical standards, ensuring transparency and fairness. Data anonymization techniques prevent personal information from being exposed or misused, especially when used for analytical purposes.

5. AI intregation and management

We prioritize security by implementing a structured incident reporting and response system to ensure quick action and risk mitigation.

• Reporting Mechanism: We provide an accessible process for users, employees, and contractors to report security incidents. It may include an online form, a dedicated email address, or a hotline for immediate assistance.

• Types of Incidents: We have defined the types of incidents that must be reported, such as data breaches, unauthorized access, malware infections, system outages, and misuse of the platform.

• Immediate Action: We encourage prompt reporting to ensure a swift response. Users get guidance on what information to include, such as the nature of the incident, affected systems, and any immediate actions taken.

Incident Response Team (IRT)

• Formation and Roles: A dedicated Incident Response Team (IRT) is in place, comprising members from IT, security, legal, and communications departments, ensuring a coordinated response.

• Response Plan: Our incident response plan outlines key actions, including incident identification, containment, eradication, recovery, and post-incident analysis to strengthen future security.

• Communication: :We ensure timely and accurate information sharing within the IRT and with affected stakeholders. It includes notifying impacted users, management, and regulatory bodies as required.

• Training and Drills: Regular training and incident response drills prepare our team to handle security threats effectively. The incident response plan is reviewed and updated based on real-life cases and drill insights.

6. Incident response and management

Maintaining a safe and respectful environment on Remark requires strict adherence to community standards and legal requirements. We ensure that all content posted on our platform aligns with the guidelines.

Content Moderation

• Automated Monitoring: We utilize sophisticated algorithms and machine learning models to auto-categorize and review content, such as job listings and internships. This systematic approach minimizes misclassification and prevents unauthorized access.

• Manual Review: In addition to automated monitoring, trained moderators manually review flagged content to handle complex cases and appeals, ensuring fair and consistent decisions.

• Repoting Mechanism: Users can easily report inappropriate content through our platform. Each report gets reviewed promptly, and appropriate action is taken based on the findings.

User Warnings and Blocking

• Warning System: Users who violate content guidelines receive an initial warning explaining the nature of the violation and the consequences of further misconduct.

• Escalation Process: If a user continues to post offensive or inappropriate content after receiving a warning, VISKO HR has the authority to block their account. This process follows a structured escalation procedure with clear documentation.

• Transparency: Our platform ensures full transparency in the content moderation process. Users are notified of the reasons for warnings or account blocks. They also have the option to appeal if they believe their content was wrongly flagged or their account was unjustly blocked.

7. Content monitoring and user conduct

At Remark, protecting user data is our top priority. We implement robust data protection measures to safeguard sensitive information against unauthorized access, breaches, and misuse.

Data Encryption

• Encryption at Rest: We use strong encryption algorithms to protect sensitive data stored on Remark’s servers. This ensures that even if unauthorized parties access the data, it remains unreadable and secure.

• Encryption in Transit: Data transmitted between users and Remark’s servers is encrypted using TLS (Transport Layer Security) protocols. It protects information from interception or tampering during transmission.

• Key Management: A secure key management system is in place to handle encryption keys. Access to encryption keys is strictly limited to authorized personnel, ensuring maximum data security.

Privacy Controls

• User Privacy Settings: Our platform provides an intuitive interface for users to manage their privacy settings. Users can control what personal information is visible to others, including the option to hide their mobile numbers for added privacy.

• Privacy by Design: We integrate privacy-first principles in developing Remark's systems. It includes minimizing data collection, applying data anonymization techniques, and ensuring compliance with data protection laws.

•Liability Disclaimer: Our privacy policy clearly states that Remark is not liable for the misuse of mobile numbers if users choose not to hide them. We educate users on the potential risks of publicly sharing personal information and encourage them to use the available privacy controls for enhanced protection.

8. Data protection and privacy

Ensuring compliance with legal and regulatory requirements is crucial for Remark to maintain its reputation, protect user data, and avoid legal penalties. We adhere to global and local laws governing data protection, privacy, and technology use.

Regulatory Compliance

• Data Protection Laws: Remark complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant local and international regulations. We implement measures to protect personal data, ensure lawful data processing, and provide users with rights over their data.

• Privacy Regulations: Our platform enforces strict privacy compliance through a combination of automated monitoring and manual reviews by trained moderators, ensuring fair and consistent decision-making.

• Industry Standards: We follow globally recognized information security standards such as ISO/IEC 27001 and the NIST Cybersecurity Framework, ensuring that Remark’s security measures align with best industry practices.

User and Company Compliance

• User Responsibilities: Before accessing Remark’s services, users must agree to a comprehensive license agreement that outlines their responsibilities, including adhering to platform rules, protecting account credentials, and respecting user rights.

• Company Liabilities: VISKO HR has clearly defined its liabilities and disclaimers within the license agreement. This includes limitations on company liability regarding data breaches, platform misuse, and third-party actions.

•Periodic Updates: We recognize that training and awareness programs are crucial in ensuring that employees, contractors, and users understand their roles and responsibilities in maintaining security and privacy.

9. Compliance and legal-requirements

We conduct regular security training sessions for all employees and contractors, covering essential topics such as phishing attack recognition, secure password practices, data protection principles, and incident reporting procedures.

Security Training

• Employee Training: We conduct regular security training sessions for all employees and contractors, covering essential topics such as phishing attack recognition, secure password practices, data protection principles, and incident reporting procedures.

• Specialized Training: Employees with elevated access privileges or those handling sensitive data receive specialized training. This includes secure coding practices for developers, data-handling protocols for analysts, and compliance guidelines for legal and compliance teams.

• Continuous Learning: We foster a culture of continuous learning by providing access to webinars, online courses, and security bulletins. Our training materials are regularly updated to reflect the latest security threats and best practices.

User Education

• Privacy Best Practices: We educate users on safe online practices, emphasizing the importance of being cautious when sharing personal information and utilizing available privacy settings.

• Security Awareness: Our platform offers guidance on recognizing and avoiding common threats such as phishing scams, malware, and unauthorized access. We also provide practical tips on securing devices and accounts.

• Resource Center: We maintain a dedicated resource centre featuring guides, FAQs, and tutorials on privacy and security topics. This information is easily accessible through the Remark platform and is updated regularly with new content.

10. Training and awareness

Regular monitoring and review of security practices are essential to identify and mitigate potential threats while ensuring the effectiveness of security measures.

Regular Audits

• Internal Audits: We conduct regular internal security audits to evaluate the effectiveness of security controls. This includes reviewing access logs, system configurations, and compliance with security policies to identify areas for improvement.

• External Audits: Third-party auditors perform external security assessments and penetration tests to provide an unbiased evaluation of Remark’s security posture. These audits help uncover vulnerabilities that internal audits might miss.

• Risk Assessments: We conduct regular risk assessments to identify and evaluate potential threats to Remark’s information assets. The results guide us in prioritizing security initiatives and effectively allocating resources.

Policy Review

• Annual Review: Our security policy undergoes a systematic review at least once a year to ensure it aligns with current threats, regulatory changes, and industry best practices.

• Continuous Improvement: We foster a culture of continuous improvement by encouraging feedback from employees, contractors, and users on the effectiveness of our security policies. This feedback helps us make necessary adjustments and enhancements to strengthen security measures.

11. Enforcement

Ensuring compliance with our security policy is essential for maintaining the integrity of Remark’s information systems and data.

Policy Compliance

• Enforcement Mechanisms: We have implemented automated compliance checks, regular monitoring of user activities, and security audits to ensure adherence to our security policy.

• Disciplinary Action:Non-compliance may result in warnings, suspension, termination of employment, or revocation of user access, depending on the severity of the violation. All enforcement actions are documented and consistently applied.

• Legal Action: In case of severe violations such as deliberate data breaches or fraudulent activities, we reserve the right to pursue legal action to protect Remark’s interests and uphold legal obligations.

12. Contact information

Providing direct contact details ensures that users and employees know how to report security concerns and receive assistance when needed.

Security Contact

• Information Security Officer (ISO): Users can contact the ISO via email or phone for security-related concerns, policy inquiries, and guidance on compliance.

• Incident Response Team (IRT): The IRT can be contacted via a dedicated email or hotline for reporting security incidents and data breaches.

• Support Channels: We offer multiple support options, including a helpdesk, online chat, and a ticketing system, ensuring that users can quickly and easily report security concerns and seek assistance.