Pro5 Trust Center

Welcome to the Pro5 Trust Center.
Our commitment to data privacy and security is embedded in every part of our business. Use this page to learn about our security posture and request full access to our security documentation.

Product Security


Pro5 runs on highly secure, scalable infrastructure on the cloud. Security is a key feature of our technology stack, from the infrastructure up to the application.

Our proprietary software goes through regular security assessments & config audits. 

Please reach out to us for access to our latest Security & Pen Test reports.

Audit Logging

The Pro5 Platform offers comprehensive Audit Trails for events and changes that take place across the different layers of the Tech Stack. This allows us to validate all user and system activities, and trace back all changes made within the application.

The Audit Trail includes a detailed description of the action, resource affected, and a timestamp.

Role-Based Access Control

RBAC has been implemented throughout the Pro5 platform, including custom roles which can be used to control permissions for Users, User Groups, or Service Accounts.

Please reach out to us for access to our Roles and Permissions Matrix.


We have clear BCDR (Business Continuity & Disaster Recovery) plan in place, with RAS (Reliability, Availability, Scalability) as a key focus of the platform.

Please reach out to us for access to our BCDR plan.


The Pro5 platform integrates only with highly reputable 3rd party repositories and providers. We call connections to cloud platforms "Cloud Providers" and connections to other platforms "Connectors".

Please reach out to us for a full list of Connectors.

Product Development

Our Secure Software Development Life Cycle (SSDLC) integrates security practices into each stage of the development process, including the requirements, design, implementation, and testing.

Please reach out to us for an overview of our SDLC process.


Our secure Change Management process ensures that changes occur in a controlled and secure manner, from definitions to execution. The process is continuously monitored and improved, and stakeholders are educated about the importance of security in the change management process.

Please reach out to us for an overview of our Change Management process.


We have clear Security Incident plan in place for identifying, assessing, and responding to incidents. After every incident, we document key takeaways and learnings to help improve the process and prevent similar incidents in the future.

Please reach out to us for an overview of our Incident Management process.

Data Security

Personal Data Protection Act Compliance

The Personal Data Protection Act (PDPA) provides a baseline standard of protection for personal data in Singapore. Pro5 applies controls on our infrastructure, application and data policies to ensure compliance with the PDPA requirements.

For information regarding the deletion of personal data please see Data Privacy.


We take our users’ data seriously. Our data classification ensures that data remains within defined trust boundaries.

In the event of a data breach, no user data will be impacted.

Please reach out to us for access to our Data Classification policy.


We perform point-in-time backups of critical systems and data stored in our environment, taking snapshots of every change, and allowing us to restore to an exact point in time in case something goes wrong.

Backups are encrypted, and access to data stores is restricted by the principle of least privilege.

Data Erasure

User data is deleted automatically after a user's account is marked as expired.

For information regarding the deletion of personal data please see Data Privacy.


Data stored in the Pro5 Platform is safeguarded using state-of-the-art encryption, applying AES-256 encryption algorithm (or stronger).

This ensures that the data is protected against unauthorized access, providing a high level of security and privacy for users and their information. It also helps in maintaining the integrity of the data, even in the event of a potential security breach.


Data submitted to Pro5 is encrypted with TLS 1.2 (or stronger) over the public internet.

This ensures that the data transmission between the user and the Pro5 platform is secure, reducing the risk of data interception or manipulation by unauthorized parties.

Physical Security

Physical security of our infrastructure is managed by AWS and Azure.

Please see the general security overview for AWS and for Azure for more details.

Network Security

Email Security

The Pro5 domain utilizes DMARC, DKIM and SPF to reduce the risk of email spoofing attacks.


Pro5 utilizes the native firewall capabilities of our cloud service providers to protect our infrastructure.

Virtual Private Cloud

Pro5 uses VPCs within our cloud infrastructure.

Wireless Security

Office wireless networks are secured using strong encryption and segregated from the production network.

Internal Access

Data Access

Access to internal systems is role-based and granted using the principle of least privilege. Permissions are reviewed at least annually.


Important activities in our cloud infrastructure are logged and retained appropriately to assist us with investigations in the event of an incident.

Password Security

Employees are required to set strong passwords, use 2FA, and use a secure password manager to store company credentials.


No Human Bias

Our processes exclude human subjectivity and unconscious bias through automation, standardization, and anonymization.

This ultimately leads to significantly fairer decision making than traditional manual methods

No AI Bias

Our AI is constantly trained and tested with a lot of unbiased data, unbiased classification, unbiased samples, unbiased labels, and algorithms that are improved when biases are detected.

We further explicitly exclude information such as gender, age, race, marital status, socioeconomic status, etc.

Traditional methods typically rely on CV key-word filtering with limited understanding of the context and in a manner which can be “gamed”.

Pro5 brings fairness into the process by objectively focusing on the talents’ real-world capabilities.

Request Document Access

Policies and Reports

Request Document Access
Change Mgmt.
Cloud Providers
Data Classification
Data Protection
Data Retention
Network Security
Pen Test Reports
Physical Security
Roles & Permissions
Security Reports