Crewmojo Security

Crewmojo’s primary security objective is safeguarding our customers' data.

Security and Trust

Robust platform & governance for enterprise

Our security approach focuses on governance, risk management and compliance. This includes standards-based best practices like encryption of data at rest and in transit, independent penetration testing, administrative access control, system monitoring, logging, alerting, employee training and awareness, and more.

World-Class Infrastructure

Crewmojo hosts our test and production environments on Amazon’s AWS platform. AWS data centres are housed in nondescript facilities, with robust perimeter control.

Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilising video surveillance, state-of-the-art intrusion detection systems, and other electronic means.

AWS data centres are SOC 1, SOC 2, and SOC 3 certified.

Strong Application Security

Data is encrypted in transit with industry-standard TLS connections and at rest with 256-bit AES encryption.

Application development is in line with our Secure Coding Policy with security considered from the design stage right through to deployment and testing.

Two-factor authentication is required for access to all administrative systems and admin privileges are restricted to employees who require access to fulfil their role.

Backup and Resilience

Crewmojo ensures data is replicated and backed up in multiple durable data-stores. Data is configured with a rolling 35-day point-in-time recovery strategy.

Data is also replicated across availability zones and infrastructure locations in order to provide fault-tolerance as well as scalability and responsive recovery, when necessary.

Security Compliance

Crewmojo has implemented a comprehensive Information Security Management System (ISMS) aligned with ISO 27001, ISO 27017 for Security Controls for the Provision and Use of Cloud Services, and ISO 27018 for the Protection of Personally Identifiable Information.

Crewmojo performs regular vulnerability scans on the platform and engages an independent security firm to perform penetration testing at least annually.

Get involved

Responsible Disclosure Policy

If you believe you’ve discovered a potential security vulnerability within one of our services or products, we strongly encourage you to disclose it to us as quickly as possible and in a responsible manner.

We appreciate the assistance of security researchers and are committed to reviewing all reports that are disclosed to us.

We will do our best to address each issue in a timely fashion and request that you provide us with a reasonable timeframe to address the issue before public disclosure.

Read the full policy document
See our list of security contributors.

What are you waiting for?

Give your employees their mojo using EX processes tailored for your unique organisation!