Security & Compliance at Recruit CRM
- Your data security is our top priority. We meet the highest worldwide security standards and practice robust processes and policies to ensure data confidentiality, integrity, and availability.
- Along with periodic audits and continuous monitoring, we put our software through various tests internally. It allows us to identify potential security risks early, address them quickly, and stay ahead of new threats. Here’s what we do to keep your data safe.
Encryption in Transit
All your communications with our server are enciphered with industry-standard 128-bit SSL/TLS encryption. It ensures your data is always safe and secure while traversing to and from application servers.
Data Encryption
All sensitive data is encrypted at rest with Advanced Encryption Standard (AES) to ensure confidentiality. Passwords are never stored as plain text. Instead, they are hashed.
Secure Infrastructure
Recruit CRM computing infrastructure is provided by AWS, a secure cloud services platform. AWS’s physical infrastructure has been accredited under ISO 27001 & SOC 2 compliance.
Application
Recruit CRM security policy protects sensitive data, such as information collected, computed, stored, and communicated by our software.
Access Control
Accessing our production infrastructure requires more than just a password; authorized personnel are required to go through a multi-step authentication process. It ensures that only those with proper clearance can view sensitive customer data. We limit data access to only those needed for support and troubleshooting on the customer’s behalf.
Application Access
All data access to Recruit CRM is safeguarded by a Role-Based Access-Control (RBAC) system, which only lets authorized users access the data. Users can’t view data from organizations other than their own.
Vulnerability Scanning & Patching
We check and apply patches for third-party software/services now and then. When vulnerabilities are discovered, we dispatch the fixes within defined SLAs.
Penetration Testing
We use independent, qualified third-party VAPT (Vulnerability Assessment and Penetration Testing) services to conduct periodic penetration tests and uncover potential vulnerabilities.
Security Training
All Recruit CRM personnel must undergo security training specifically designed for a cloud-hosted setup. It covers industry best practices around typical human-based-attack vectors involving phishing, passwords, attachments, and more.
Disclosure
The security of our system is crucial to us. If you encounter any potential security issues, please send them to us at contact@recruitcrm.io We will take care of them on a priority basis.
- Our high-security standards are reflected in ISO 27001 & SOC 2 and will only enhance our continued compliance, internally and for our customers, as we develop new features.
