Security
“It’s all about making the data as secure as possible.” Mark Goldin, CTO for Cornerstone

More than 37 million subscribers trust Cornerstone
This is not something we take lightly. We know how critical security, privacy and reliability are to both our business and yours. Have peace of mind knowing that Cornerstone has taken the security and compliance needs of our global clients seriously and supports the specific requirements of many industries across the world.
Disaster Recovery
Disaster recovery tests are performed twice per year at each disaster recovery data center. Our program ensures recovery within 24 hours of a major disaster with a Recovery Point Objective (RPO) of 1 hour or less. Seven days of hot backups are stored on the local SAN disk for immediate recovery.
Access Control & Physical Security
Our infrastructure is hosted in four secure data centers with two in North America and two in Europe. Every data center has 24-hour manned security, video surveillance, motion detectors, alarms and restricted access to select personnel with appropriate identification. Servers are stored in secured caged areas with biometric hand scanner access. Non-Cornerstone visitors must be escorted at all times.
Application Security
Our Unified Talent Management system is secured with 256-bit TLS, which encrypts all data in transit and ensures it is secure. Access to the Cornerstone application requires unique usernames and passwords and supports Single Sign-On (SSO), which requires clients to be authenticated. Rights and role-driven controls ensure users only see what they have been permitted to see.
Network Protection
A DMZ-protected production suite ensures infrastructure security through the use of firewalls, port filtering and network address translation via multiple load balancers. Internal firewalls segregate traffic between the application and database tiers. A third-party service provider monitors the network and sends alerts for any unusual usage and equipment failure.
Backup
Cornerstone takes AES-256 encrypted backups daily of full client databases before being written to tape. Hourly transactional backups are sent to separate hot disks, and backup tapes are collected weekly and transported in locked boxes to secure vaults.
Disaster Recovery
Disaster recovery tests are performed twice per year at each disaster recovery data center. Our program ensures recovery within 24 hours of a major disaster with a Recovery Point Objective (RPO) of 1 hour or less. Seven days of hot backups are stored on the local SAN disk for immediate recovery.
Access Control & Physical Security
Our infrastructure is hosted in four secure data centers with two in North America and two in Europe. Every data center has 24-hour manned security, video surveillance, motion detectors, alarms and restricted access to select personnel with appropriate identification. Servers are stored in secured caged areas with biometric hand scanner access. Non-Cornerstone visitors must be escorted at all times.
Application Security
Our Unified Talent Management system is secured with 256-bit TLS, which encrypts all data in transit and ensures it is secure. Access to the Cornerstone application requires unique usernames and passwords and supports Single Sign-On (SSO), which requires clients to be authenticated. Rights and role-driven controls ensure users only see what they have been permitted to see.
Network Protection
A DMZ-protected production suite ensures infrastructure security through the use of firewalls, port filtering and network address translation via multiple load balancers. Internal firewalls segregate traffic between the application and database tiers. A third-party service provider monitors the network and sends alerts for any unusual usage and equipment failure.
Backup
Cornerstone takes AES-256 encrypted backups daily of full client databases before being written to tape. Hourly transactional backups are sent to separate hot disks, and backup tapes are collected weekly and transported in locked boxes to secure vaults.
Disaster Recovery
Disaster recovery tests are performed twice per year at each disaster recovery data center. Our program ensures recovery within 24 hours of a major disaster with a Recovery Point Objective (RPO) of 1 hour or less. Seven days of hot backups are stored on the local SAN disk for immediate recovery.