TA leaders of Cielo, Raytheon discuss affirmative action next steps >> Catch the webinar today!
Your meetings, your data
Last updated on October 5, 2022. Clovers’ success as a hiring service provider relies on earning and keeping our Customers’ and Colleagues’ trust. We take security seriously and built Clovers with security in mind. To help answer questions from our users about our security practices and what we’re doing to protect their data, we have laid out some of the most important things we do to protect your data and also what you can do to protect your own data when using Clovers.
What we do to protect your data:
We take handling your data very seriously. We classify all data, and our employees are trained on proper handling of your (and our) data. Our employees are granted access to systems that hold your data on a “need-to-know” basis (i.e. if required to perform their job). Employees who have access to systems that hold your data are required to use strong passwords and multi-factor authentication.
Working with up-to-date framework releases, we use tried and tested modules, and apply fundamental security considerations to every aspect of our software design.
- SSL Encryption is used throughout our application
- All data is encrypted in transit
- All databases and database backups are encrypted at rest
We actively monitor security issues and releases of our technical stack and deploy patches as quickly as possible. We utilize multiple types of logging to monitor the live (and past) state of our application to help detect and recover from any security events. We maintain a list of our vendors’ security policies and monitor our vendors for security breaches that could lead back to our application.
- Continuous resource and infrastructure access monitoring
- Third-party web property scanning
- Security testing is an essential part of our release process
- Annual employee privacy and data security training
Team access management
We limit access to our systems and our data to only those who need it, operating on the principle of least privilege.
- Unique logins are required for all business-critical systems
- Defined access to different parts of our system
- Customer and personal data access is limited by roles
- Role-based access is regularly audited and updated
Standards and compliance
We are pursuing certifications and building to their specifications. By starting with clear principles and frameworks, our policies and processes reflect a thoughtful approach to security and our everyday work.
- ISO 27001
Your data is securely backed up on a regular basis. And we never move user data out of the secured environment for testing or any other reason.
Doing the right thing
We strive to always do the right thing, and we do this by keeping our technical stack, our application, and our business processes lean and free of unnecessary complexity. We automate as many testing, deployment, and backup processes as possible to reduce any human error. All new code is seen by at least two pairs of eyes and evaluated against our secure coding standards. We regularly tear out code that has reached the end of its usefulness to keep our application simple, elegant, and secure.
This is not a comprehensive list of the security measures we keep to safeguard your data. If you have any more questions, please contact us; we’re glad to answer any and all of your questions. Email us at [email protected]
What you can do to protect your data:
Managing users manually
Manually adding and removing users and permissions can often be overlooked and are a common source of unauthorized access to data (i.e. it can be easy to forget to remove an employee from Clovers when they leave your organization). To prevent this, we recommend automatically managing users.
Learn about privacy settings
Reporting security issues
If you believe you’ve found something in Clovers that has security implications, please email them to follow our Responsible Disclosure Policy.