We’re back with the next in our ATS health-check series.

Last week we looked at whether your recruitment software was ready to attract and engage passive candidates. Now we’re turning our attention to security.

This simple guide offers three key things you need to check to make sure you have a secure Applicant Tracking System.

With high profile data hacks making the news with frightening regularity, it’s essential that you know how to keep your candidate and job data safe.

So what do you need to look out for?

1. Check this: Is your ATS running over https?

This is fundamental for a secure Applicant Tracking System, and one of the first things you should check.

Look at the URL of your system. A secure Applicant Tracking System should start with https://

If it doesn’t, it means your ATS is not running over a secure connection. You need to talk to your supplier to understand why this is the case.


  • Yes, my Applicant Tracking System is running over https

 2. Find this out: What are your supplier’s security credentials?

Your recruitment software supplier should be audited by security consultants to make sure that they are meeting the latest OWASP standards and best practices.

You should also find out if your supplier has run your system and careers site through SSL certificates. These certificates are a way to verify that your sites are not vulnerable to common attack vectors, and a high rating can reassure you that your site’s levels of security are strong.

SSL certificates run on a scale from A-D, with A being the highest.


  • My recruitment software supplier is audited by recruitment consultants
  • My supplier has run my site through an SSL certificate
  • My site is rated A for its SSL certificate


3. Ask this: Questions for your ATS supplier

 One of the best ways to understand if you have a secure Applicant Tracking System is to open up a discussion with your supplier, especially if you are concerned that your candidate or job data may be vulnerable.

Strong system security should be a matter of course, and any reputable supplier should be unfazed by the following questions:

1.“Do you have any references from your last security audit?”

This is a good way to understand what your supplier does well in terms of security – and if there are any processes that they could improve.

2. “Do you have enforced secure password policies?”

A strong password is the cornerstone of online security and a secure Applicant Tracking System. Find out if your supplier sets certain requirements for candidate portal passwords such as mandatory numerical characters or a minimum length.

3. “Where is my information kept?”

It is essential that your candidate and job data is safely stored and that your supplier’s storage is not vulnerable to security breaches. Also check in which country your data is stored, as some regions have different Data Protection Laws.


  • My recruitment software supplier can answer the above 3 questions
  • My supplier has provided me with security audit references and they are positive
  • I am confident that my supplier stores my data safely

What else can you do to make sure you have a secure Applicant Tracking System?

From making sure you have a strong password to keeping your anti-virus protection updated, there are lots of steps that you personally can take to enhance your online security.

Make sure you regularly run system updates on your PC (no matter how much of a pain they might be!) and ensure your team knows not to open attachments, files or links from unknown sources.

That concludes our second ATS health-check. If you’re confident in your system’s security, perhaps it’s time to check out whether your Applicant Tracking System is ready for passive candidates.

Find out more

Secure recruitment software in more detail: Meet Anton

11 essential Applicant Tracking System reads

Meet Paul and understand more about ATS reporting

About the author

Tristan Potter

Tristan has a decade's worth of experience writing content and copy for organisations across Bristol and the Southwest of England. He has written on a diverse range of topics, including technology, philosophy, politics, and recruitment. His writing has appeared in The Drum, HR Grapevine, and The Guardian, among other publications. He joined Hireserve in March 2022.