We at Crimcheck care about our clients, their applicants, and the sensitive data they entrust us with. Security is part of the culture at Crimcheck – not just some checkbox. We are dedicated to constantly evaluating and improving our security.
Some examples of how we go the extra mile when it comes to security:
- Undergo annual third-party AICPA (American Institute of Certified Public Accountants) SOC (System and Organization Controls) 2 Type 2 audits.
- Complete annual third-party penetration testing of our application and related infrastructure.
- Complete weekly vulnerability remediation of devices and infrastructure.
- Require that all employees undergo monthly information security-related training.
- Adhere to best practices established by institutions such as CIS (Center for Internet Security), CISA (Cybersecurity and Infrastructure Security Agency), and NIST (National Institute of Standards and Technology) and our specific technology vendors, such as:
- Enforcement of multi-factor authentication
- Granting systems permissions based on a least-privilege model
- Utilization of full disk encryption on managed devices
- Routine backups and restoration testing of critical systems
- Evaluate and select reputable vendors to host critical data and services, and ensure its security and availability.
- Employ in-house IT professionals with information security qualifications that undergo ongoing professional development, and maintain membership in information security-focused professional organizations such as InfraGard.
Our SOC 2 Type 2 report is available to existing and prospective customers with the completion of a non-disclosure agreement.
For more information regarding our compliance or information security, or to request a copy of our SOC 2 Type 2 report, please email [email protected]
their words, not ours