Crocodile

Security Policy

Crocodile Security Policy

1. Purpose This policy establishes the security measures and protocols to protect the Crocodile HR Technology website, its associated data, and its users. The goal is to ensure the integrity, confidentiality, and availability of our website resources.

2. Scope This policy applies to all employees, contractors, and third-party service providers who have access to the Crocodile HR Technology web infrastructure, hosted on cloud services, and protected by Azure Defender.

3. Website Hosting and Infrastructure

  • Our website is hosted on a secure, cloud-based platform to ensure high availability, disaster recovery, and scalability.
  • Regular backups are performed and stored in multiple secure locations.
  • Azure Defender is used for continuous security monitoring, threat detection, and alerting.

4. Data Security and Encryption

  • All data stored on our website, including user information, is encrypted both at rest and in transit.
  • We use strong encryption protocols such as TLS for data transmission.
  • Sensitive data is anonymized or pseudonymized where possible.

5. Access Control

  • Access to the website’s backend and database is restricted to authorized personnel only, based on the principle of least privilege.
  • Multi-factor authentication (MFA) is required for all administrative access.
  • Regular access reviews are conducted to ensure only current employees have access.

6. Security Updates and Patch Management

  • We implement regular updates and patches to our web applications, databases, and operating systems to protect against vulnerabilities.
  • Azure Defender provides real-time security updates and recommendations.

7. Incident Response and Reporting

  • We have an incident response plan in place to address any security breaches or suspicious activities.
  • Employees are trained to recognize and promptly report security incidents.
  • All incidents are logged, investigated, and resolved in accordance with regulatory requirements.

8. Third-Party Services and Integrations

  • All third-party services and integrations are assessed for security compliance before implementation.
  • Contracts with third-party providers include clauses that ensure adherence to our security standards.

9. User Education and Awareness

  • Regular security awareness training is provided to all employees.
  • Users of the website are informed about security best practices, such as creating strong passwords and recognizing phishing attempts.

10. Compliance and Legal Requirements

  • Our security practices are in compliance with relevant laws, regulations, and industry standards.
  • Regular audits are conducted to ensure ongoing compliance and identify areas for improvement.

11. Policy Review and Update

  • This security policy is reviewed annually or following significant changes to our infrastructure or business practices.
  • Employees and users will be notified of significant changes to the policy.

12. Contact Information For any questions or concerns regarding this security policy or the website’s security, please contact our security team at [security contact email].

Need Help?

Book A FREE DEMO

Would you like a free demo of Crocodile?

We’d love to give you a free and personalised demo of Crocodile. Please feel free to fill in the contact form and we’ll be in touch.