Security Policies

System Security:

• Firewall Security: All servers operate behind a firewall device that prohibits unauthorized access from the outside.
• Data Encryption: Bullhorn leverages the strongest encryption products to protect customer data and communications, including 128-bit Geotrust (www.geotrust.com) SSL Certification and 1024 Bit RSA public keys.
• User Authentication: Users access Bullhorn only with a valid username and password combination, which is encrypted via SSL while in transmission. An encrypted session ID cookie is used to uniquely identify each user.
• Application Security: The Bullhorn security model has been designed from the ground-up to prevent one Bullhorn customer from accessing another's data. User access is verified enforced with every data request.
• IP Systems Security: Internal IP systems are protected by network address translation, port redirection and non-routable IP addressing schemes.
• Operating System Security: Bullhorn enforces tight operating system-level security by using a minimal number of access points to all production servers. System accounts are protected with strong passwords. Operating system patches and security updates are applied regularly. Each server is "hardened" by disabling and/or removing any unnecessary users, protocols and processes.
• Database Security: Database access is controlled at the database connection level. Access to production databases is limited to a distinct number of points.
• Data Management: All data entered into the Bullhorn application by a customer is owned by that customer. Bullhorn, Inc employees do not have direct access to the Bullhorn production equipment, except where necessary for system management, maintenance, monitoring, and backups.

Production Data Center Environment: SAVVIS Hosting Services The Bullhorn Production System is hosted by SAVVIS' Intelligent Hosting^SM solutions. This service offers a secure, reliable and high-performance infrastructure. Located in a physically secure environment, their redundant infrastructure offers a flexible platform with guaranteed connectivity boasting the following features:

• World-class Facilities
  • Seismically braced facilities and racks
  • Redundant heating, ventilation, and air conditioning
• Professional Operations
  • Remote Power Management Service (RPMS)
  • IP address allocation and domain name services (DNS)
  • Monitoring and reporting services
  • Experienced, highly-trained facilities staff
• High Security and redundancy
  • Very-Early Smoke Detection Alarm (VESDA) and dual-interlock fire suppression systems
  • Uninterruptible Power Supply (UPS) with automatic power transfer bridge system
  • Integrated biometric card access control
  • 24/7 CCTV video surveillance and recording
  • Security staff on patrol 24 hours a day, 7 days a week
  • Monitoring for HVAC and mission-critical power systems

The SAVVIS' Intelligent Hosting^SM solutions network features one of the fastest backbones in the U.S., operating at speeds up to 9.952 Gbps (OC-192, STM 64). Beyond raw speed, enterprises and service providers realize additional performance benefits from using a more efficient, unified infrastructure.

Production Data Center System Fault Tolerance:
Bullhorn's systems are completely fault-tolerant and redundant. In the event that any hardware or software fails, a duplicate system is already on-line and takes over all loads immediately. The application is built to seamlessly handle these events. There is no decrease in performance while the application adjusts to infrastructure reconfigurations. All data is written to back up devices on an ongoing basis. In addition, the entire system is built with a RAID disk array, which means that there are multiple disk drives available at any one time.

The fault tolerance and disaster recovery process for each sub-system of the Bullhorn application are detailed as follows:

• Firewall: In the event the primary firewall server fails, the backup firewall server will be promoted and will assume all traffic. Once the failed device is brought back online, that device becomes the backup firewall.
• HTTP and Mail Load-balancing: In the event the primary load-balancing server fails, the backup load-balancing server will be promoted and will assume all traffic. Once the failed device is brought back online, the device becomes the backup load balancer.
• Active Directory and DNS: Because the Bullhorn production environment has 3 Active Directory Domain Controllers / DNS servers, any two of the three can fail. Once a Domain Controller / DNS server is brought back online, it re-enters the pool.
• Web Servers and Application Servers: The Bullhorn production environment has 7 Web Servers per web-farm. In the event of a failure, the load balancers will remove the failed server from the pool. Any 6 of the servers can fail without an interruption of service. Once a failed web-server is brought back online, it re-enters the pool.
• File Servers: In the event the primary file server fails, the backup file server will be promoted and will assume all traffic. Once the failed device is brought back online, that device becomes the backup file server.
• Report and Ancillary Application Servers: In the event the primary report / application server fails, the backup report / application server will be promoted and will assume all traffic. Once the failed server is brought back online, that device becomes the backup report / application server.
• Database Servers: In the event the primary database server fails, the backup database server will be promoted and will assume all traffic. Once the failed server is brought back online, that server becomes the backup database server.
• Email: In the event the primary email server fails, traffic is automatically sent to the backup email server. Once the failed server is brought back online, that device reassumes traffic.
• Network and Telco: All network and Telco equipment is redundant, and all servers have at least 2 network interfaces.
• Power: All power to the data center is conditioned and fail-safe (data center has 2 backup generators)
• Bandwidth: All bandwidth to the data center is redundant (data center has multiple feeds from varying providers). Additionally, Bullhorn is provisioned with 2 separate data feeds.
• Backups: Full data backups occur every night. Incremental backups occur every 4 hours

Off-site Disaster Recovery/Business Continuity:

Bullhorn plans to have a secondary disaster recovery site that will offer access to critical Bullhorn functions and data in the future.

	By integrating email, calendaring, sourcing, applicant tracking, job management and customer relationship management, Bullhorn's On Demand, integrated front office enables users to communicate and collaborate with contacts, candidates, colleagues and clients in real-time to generate, source and fill job orders, at anytime and from anyplace. Talk to an expert. Contact us now.