Privacy & Security
Rezoomo's privacy and data security measures
Is there a documented procedure/frequency for applying OS updates and security patches?
Security Frequently Asked Questions
Is there a VPN configured for company purposes? How is this used? How is access managed/retired?
Are there credentials committed to the source code repository? If not, how are credentials (e.g. db connection strings, API access etc.) managed/stored/retrieved?
What encryption is used in transit (website) and at rest (database, flat files)?
Has Penetration testing been carried out on the application?
Does user information ever get output to log files?
What's the retention policy on log files?
How often is the CMS updated/security patched? Is there a documented process?
Is there a procedure in place to monitor ColdFusion for patch/security updates that need to be rolled out? What is that procedure?
In what state are user passwords stored in the database?
How is client data segmented (e.g. does each employer get their own database instance or are all employers' data managed in the same db)?
Flat file storage, e.g. CVs. How are they stored (e.g. S3)?