
PyjamaHR Security Certifications FAQ: SOC 2, ISO 27001, and Security Best Practices

Updated over 3 weeks ago

Executive Summary

PyjamaHR is committed to the highest standards of data security and privacy for all customers. We are SOC 2 compliant and ISO 27001 certified, ensuring robust information security controls, active monitoring, and industry-leading protection against cyber threats. This article answers the most common customer questions about our security certifications, explains how these standards impact your experience, and provides practical guidance for compliance-related workflows.


Detailed Overview

What Are SOC 2 and ISO 27001?

  • SOC 2 (System and Organization Controls 2): An independent audit standard focused on controls relevant to security, availability, processing integrity, confidentiality, and privacy of customer data. SOC 2 compliance means PyjamaHR has implemented strict policies, procedures, and technical safeguards to protect your data.

  • ISO 27001: An internationally recognized standard for information security management systems (ISMS). Certification demonstrates that PyjamaHR systematically manages sensitive data, identifies risks, and implements controls to mitigate them.

Why It Matters:
These certifications are not just badges—they directly impact how PyjamaHR protects your data, detects suspicious activity, and responds to potential threats. Many customers (especially in regulated industries or those working with enterprise clients) require proof of these certifications for vendor approval.


How PyjamaHR Security Certifications Affect Your Experience

  • Active Account Protection: PyjamaHR uses SOC 2-compliant, real-time monitoring to detect suspicious logins (e.g., from multiple devices, locations, or browsers). If suspicious activity is detected, your account may be temporarily frozen while our team investigates.

  • Business Verification: Anti-spam AI filters and manual verification processes ensure only legitimate businesses can use PyjamaHR, protecting the platform and candidate pool from fraud and abuse.

  • Data Handling: All customer data is managed according to ISO 27001 best practices, including secure storage, access controls, and regular audits.


Step-by-Step Guide: Navigating Security-Related Workflows

1. Account Flagged for Suspicious Activity

What Happens:
- You may see a message: “Suspicious activity detected. Your account has been flagged for security reasons. Please contact support to restore access.”
- Common triggers: Logging in from multiple devices, locations, or browsers; sharing credentials; VPN usage from different regions.

What To Do:
1. Contact Support Immediately: Use in-app chat or email. Provide your registered email and a phone number for quick resolution.
2. Verification Call: Be ready for a call from the PyjamaHR team to verify your identity and recent login activity.
3. Password Reset: Once your account is restored, change your password and avoid sharing credentials.
4. Add Team Members Properly: If multiple people need access, invite them as users via Settings > Team Members. Do not share a single login.

Screenshot Callout:
- Show the “Suspicious Activity Detected” message and the “Invite Team Member” screen in Settings.


2. Business Verification for New Accounts

When Required:
- If your company is flagged by anti-spam filters or you’re a new customer, you may be asked for:
  - Company website URL
  - LinkedIn company page
  - Business registration documents (e.g., GST, Certificate of Incorporation, EIN, etc.)

Steps:
1. Submit Documents: Upload or email the requested documents to support.
2. Manual Review: PyjamaHR’s compliance team will review and may schedule a Zoom call for further verification.
3. Account Activation: Once verified, your account will be unblocked and you’ll receive confirmation.

Screenshot Callout:
- Example of the document upload prompt and verification email.


3. Requesting Security Certification Reports

How to Request:
- Email support or use in-app chat to request the latest SOC 2 or ISO 27001 report.
- For urgent vendor audits, specify your deadline.

What You’ll Receive:
- A PDF copy of the latest SOC 2 Type 2 report and/or ISO 27001 certificate.
- Confirmation of compliance for your records.


Advanced Usage & Best Practices

  • Single User Per Login: Each user must have their own credentials. Sharing logins is a violation of SOC 2 compliance and will trigger account freezes.

  • VPN Usage: Using VPNs from different regions may trigger security alerts. If you must use a VPN, inform support in advance.

  • Traveling or Remote Work: If you log in from a new location (e.g., while traveling), notify support to avoid unnecessary account flags.

  • Adding/Removing Users: Always use the Team Members feature in Settings to manage access. Remove users who no longer need access to maintain compliance.

  • Data Requests: For audits, you can request data export or certification documents at any time.


Troubleshooting & Common Issues

Issue: Account Frozen for Multiple Logins

  • Symptoms: Can’t log in; see “Suspicious activity detected.”

  • Solution: Contact support, verify your identity, reset password, and avoid sharing credentials.

Issue: Business Verification Block

  • Symptoms: “Your account has been blocked. We are unable to validate your company details.”

  • Solution: Provide website, LinkedIn, and business registration docs. Schedule a verification call if requested.

Issue: Job Posting Blocked or Account Suspended

  • Symptoms: Jobs not publishing; account blocked after payment.

  • Solution: Check if your company or LinkedIn page is flagged. Provide documentation and request manual review.

Issue: Need Security Reports for Audit

  • Symptoms: Vendor or client requests SOC 2/ISO 27001 proof.

  • Solution: Request reports via support; provide your company name and urgency.

Issue: Frequent Account Lockouts

  • Symptoms: Regularly flagged for suspicious activity.

  • Solution: Ensure only one user per login, avoid using multiple devices simultaneously, and always log out before switching devices.


Comprehensive FAQ

Q1: Is PyjamaHR SOC 2 compliant?
A: Yes, PyjamaHR is SOC 2 compliant. We can provide the latest SOC 2 Type 2 report upon request.

Q2: Is PyjamaHR ISO 27001 certified?
A: Yes, PyjamaHR is ISO 27001 certified. Certification documents are available for vendor audits.

Q3: Why was my account flagged for suspicious activity?
A: Our SOC 2-compliant security system detected logins from multiple devices, locations, or browsers, or possible credential sharing. This is to prevent account hijacking.

Q4: What documents are required for business verification?
A: Valid company website, LinkedIn company page, and business registration documents (GST, EIN, Certificate of Incorporation, etc.).

Q5: Can I use my account on multiple devices?
A: You can, but not simultaneously. Logging in from multiple devices at the same time or sharing credentials will trigger security alerts.

Q6: What if I travel or work remotely?
A: Notify support if you plan to log in from a new location or use a VPN to avoid being flagged.

Q7: How do I add more users securely?
A: Go to Settings > Team Members and invite each user individually. Do not share your login.

Q8: How do I get a copy of your SOC 2 or ISO 27001 report?
A: Request via support chat or email; specify if it’s for a vendor audit.

Q9: What happens if my business verification fails?
A: Your account will remain blocked until valid documentation is provided and verified.

Q10: Can I use PyjamaHR if I’m a freelancer or don’t have a company registration?
A: No, PyjamaHR requires valid business registration for all accounts as part of our compliance and anti-fraud measures.

Q11: What if my company is flagged by LinkedIn or job boards?
A: PyjamaHR cannot override external platform flags. You must resolve issues with LinkedIn or the relevant job board directly.

Q12: How do I ensure my account isn’t flagged again?
A: Use unique logins for each user, avoid simultaneous logins from different devices/locations, and keep your credentials secure.


Related Features & Next Steps

Next Steps:
- Review your user access and ensure compliance with single-user login policies.
- Prepare your business verification documents for smooth onboarding.
- Contact support for any security-related questions or to request certification reports.


Summary Table: Security Certification Quick Facts

| Certification | Status | How to Request Proof | Impact on You |
| --- | --- | --- | --- |
| SOC 2 Type 2 | Compliant | Support chat/email | Active account monitoring, data safety |
| ISO 27001 | Certified | Support chat/email | Secure data management, audit-ready |
| GDPR | In progress | Not yet available | (Planned) Enhanced privacy controls |


Still have questions?
Contact PyjamaHR Support or use the in-app chat for immediate assistance.


This article is based on real customer conversations and is updated regularly to reflect the latest security practices and customer needs.
