State of Hiring
Insights and trends from over 2,000 employers and candidates to get a clear picture of what hiring looks like today.
Last updated on October 5, 2022. Clovers’ success as a hiring service provider relies on earning and keeping our Customers’ and Colleagues’ trust. We take security seriously and built Clovers with security in mind. To help answer questions from our users about our security practices and what we’re doing to protect their data, we have laid out some of the most important things we do to protect your data and also what you can do to protect your own data when using Clovers.
We take handling your data very seriously. We classify all data, and our employees are trained on proper handling of your (and our) data. Our employees are granted access to systems that hold your data on a “need-to-know” basis (i.e. if required to perform their job). Employees who have access to systems that hold your data are required to use strong passwords and multi-factor authentication.
Working with up-to-date framework releases, we use tried and tested modules, and apply fundamental security considerations to every aspect of our software design.
We actively monitor security issues and releases of our technical stack and deploy patches as quickly as possible. We utilize multiple types of logging to monitor the live (and past) state of our application to help detect and recover from any security events. We maintain a list of our vendors’ security policies and monitor our vendors for security breaches that could lead back to our application.
We limit access to our systems and our data to only those who need it, operating on the principle of least privilege.
We are pursuing certifications and building to their specifications. By starting with clear principles and frameworks, our policies and processes reflect a thoughtful approach to security and our everyday work.
Your data is securely backed up on a regular basis. And we never move user data out of the secured environment for testing or any other reason.
We strive to always do the right thing, and we do this by keeping our technical stack, our application, and our business processes lean and free of unnecessary complexity. We automate as many testing, deployment, and backup processes as possible to reduce any human error. All new code is seen by at least two pairs of eyes and evaluated against our secure coding standards. We regularly tear out code that has reached the end of its usefulness to keep our application simple, elegant, and secure.
This is not a comprehensive list of the security measures we keep to safeguard your data. If you have any more questions, please contact us; we’re glad to answer any and all of your questions. Email us at [email protected]
Manually adding and removing users and permissions can often be overlooked and are a common source of unauthorized access to data (i.e. it can be easy to forget to remove an employee from Clovers when they leave your organization). To prevent this, we recommend automatically managing users.
If you believe you’ve found something in Clovers that has security implications, please email them to follow our Responsible Disclosure Policy.