Information Security Policy

Policy summary

Recroot takes information security seriously. We at Recroot understand that our professionals working for various clients might be provided access to sensitive information. Some of this information may also be regulated under different jurisdictions.

We at Recroot take all reasonable measures to protect sensitive client and candidate information stored within our network and handled by our professionals.

Applicability

This policy applies to all employees and contractors of Recroot. This policy also applies to third-party employees working for the organization, whether they are explicitly bound (e.g. by contractual terms and conditions) or implicitly bound (e.g. by generally held standards of ethics and acceptable behavior) to comply with our information security policies.

Responsibilities

Recroot Responsibilities

Information security is the shared responsibility of Recroot, clients and candidates. Recroot is responsible for:

  • Establishing and implementing reasonable measures to protect client and candidate information stored within the Recroot network
  • Providing periodic information security awareness training for our staff
  • Conducting appropriate background checks for our staff
  • Ensuring that staff devices are patched and secured using appropriate anti-virus software
  • Ensuring that third parties employed by Recroot comply with Recroot’s information security policy

Client Responsibilities

The scope of Recroot’s information security measures is limited to Recroot staff having access to client information, securing the infrastructure that holds client information and taking reasonable measures to comply with the client’s information security policies. Recroot is not responsible for the client’s information security capabilities, including the security of the software implemented by the client on staff devices issued by Recroot. Client responsibilities include:

  • Implementing appropriate and reasonable measures to protect their information and personal information belonging to Recroot staff
  • Securing the software installed on Recroot staff devices
  • Clearly articulating their information security policies to Recroot
  • Complying with appropriate cyber regulations

Detailed policy requirements

  • Cybersecurity is largely a matter of mitigating cyber-risks through conventional information security controls, especially ICT security controls intended to prevent or mitigate (reduce) cyber-incidents.
  • While conventional information security controls to prevent or mitigate cyber-incidents take priority, we must not neglect detective and corrective controls since cyber-incidents cannot be entirely negated. We are unlikely to identify and fully comprehend, mitigate or avoid all our cyber-risks in this dynamic area, hence cyber-incidents are almost inevitable.
  • Detective cybersecurity controls include:
      • Maintaining a widespread awareness of cybersecurity, coupled with policies and procedures for spotting, reporting and responding effectively and efficiently to possible or confirmed cyber-incidents;
      • Effective IT system and network security monitoring, and responding to indications of possible or actual cyber-incidents as effectively and efficiently as possible;
      • Management assessing and responding to reports of cyber-risks, cybersecurity events, incidents, suspicions etc. including relevant metrics.
  • Corrective cybersecurity controls include:
      • Business continuity management involving the adoption of appropriate resilience, recovery and contingency measures to protect critical business activities, including the associated ICT, against excessive interruptions;

Further information

For any queries on our information security policy, or to know more, please reach out to us through infosec@recroot.it.