Crewmojo Security

Crewmojo hosts our test and production environments on Amazon’s AWS platform. AWS data centres are housed in nondescript facilities, with robust perimeter control.

Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilising video surveillance, state-of-the-art intrusion detection systems, and other electronic means.

AWS data centres are SOC 1, SOC 2, and SOC 3 certified.

Data is encrypted in transit with industry-standard TLS connections and at rest with 256-bit AES encryption.

Application development is in line with our Secure Coding Policy with security considered from the design stage right through to deployment and testing.

Two-factor authentication is required for access to all administrative systems and admin privileges are restricted to employees who require access to fulfil their role.

Crewmojo ensures data is replicated and backed up in multiple durable data-stores. Data is configured with a rolling 35-day point-in-time recovery strategy.

Data is also replicated across availability zones and infrastructure locations in order to provide fault-tolerance as well as scalability and responsive recovery, when necessary.

Crewmojo has implemented a comprehensive Information Security Management System to safeguard the security and privacy of customer data. We are independently audited and certified to meeting the compliance requirements of SOC2 and GDPR standards.

Crewmojo performs regular vulnerability scans on the platform and engages an independent security firm to perform penetration testing at least annually.