Overview
You can create a Document Upload Task within Evolve ATS Onboarding and secure the document. This feature can be used for new hires to upload sensitive information such as IDs, banking information, certifications, etc.
Audience
Onboard Admin, Onboard Orchestrator, and Human Resources roles
NOTE: Any secured data/documentation in Onboarding requires the HR role to view.
Configuration
To create a Document Upload Task Template, navigate to Onboard Admin > Task Templates.
Click + New Task Template.
Select Document Upload Task Template from the Choose type dropdown, then click Create.
Select Make this document secure.
Access to secured documents is limited to users with specific permissions. Here is some additional information on how this security is configured:
- Any uploaded document marked as secured has role-based access limitations. Outside of the permissions listed below, anyone viewing the associated task will see text citing it as a Secured field in place of the document link in the task overview.
- Any secured data/document in Onboarding requires the HR role to view. In some cases, the user will need both the Onboarding Orchestrator and the HR role, as the Orchestrator role is required to access and navigate specific new hires/tasks. However, the HR role is mandatory in viewing secured information.
- When marked as secure, any uploaded document will be stored in the Evolve ATS Encryption Vault, which uses AWS KMS (Amazon Web Services Key Management Service). No one, including Evolve ATS employees with data storage access, can retrieve the uploaded/stored document. Also, the data is stored in encrypted format in the Encryption Vault. The Encryption Vault provides encryption (via AWS KMS) and cipher text storage (DynamoDB/S3) to ensure that secure encryption is handled consistently and is compliant for all use cases. In a typical encryption scenario, the private key is exposed to the software that wants the encryption to occur, and this exposure can lead to unauthorized usage of the key; however, the AWS KMS service provides a safeguard against this by never exposing the actual cipher key to the calling software.
NOTE: The Encryption Vault is used across all of our applications.
Once you have finished configuring the task to your needs, click Save.