Keep your operations secure
Trust Crunchtime to protect your data
At Crunchtime, we take security seriously
We employ a multi-point protocol that ensures data integrity, complies with the highest standards, and manages risks. This protocol is leveraged by our Inventory Management, Labor & Scheduling, Learning & Development, and core Operations Execution platforms.
Crunchtime performs annual risk assessments and also utilizes third party risk management reviews to ensure we've covered everything.
Testing & Scanning
We perform penetration tests annually, proactively hunt for threats monthly, and scan for vulnerabilities weekly.
We deploy company-wide security training quarterly, and provide a custom secure training program for our development teams.
Data Governance & Protection
Our products support HTTPS protocol and multifactor authentication. We ensure sensitive data is encrypted over public transmission and while at rest. Regular backups, built-in redundancy, log monitoring, disaster recovery plans, and business continuity processes ensure your data is protected.
Unlike competitors who merely take daily snapshots of data, which could mean 24 hours of data loss, Crunchtime’s Recovery Point Objective (RPO) is 15 minutes, and our Recovery Time Objective (RTO) is two hours for mission critical inventory and labor data. That’s because in real time we are replicating each customer's environment to a geographically diverse data center resulting in a warm standby environment.
Software Development QA
As we develop software, in addition to manual testing, we have dedicated quality assurance teams that build automated tests against every release. What does that look like? We run more than 10,000 tests to cover most customer use cases and we add new automations as the platform grows. We also operate production-class performance environments to ensure every build is scalable and performant. Crunchtime also embeds security scanning into our release process, ensuring threats are mitigated before anything reaches our customers.
Crunchtime performs SOC 1-Type 2 (for Crunchtime Inventory and Labor) and SOC 2 – Type 2 audits (for all products), while most of our competitors only perform SOC 1. What’s the difference?
- SOC 1 audits focus on the integrity of a company’s financial transactions, while SOC 2 is a framework used by service organizations to demonstrate their security controls and their effectiveness.
- SOC 2 is based on five trust principles: security, availability, processing integrity, confidentiality, and privacy. These principles are governed by a set of controls that are tested on a regular basis to ensure their effectiveness–vs. a point in time with SOC 1–and are reviewed by an independent auditor.
Information Security Team
Crunchtime has a mature and robust security program with a dedicated Information Security team that provides the following functions:
- 24/7 Security Operations Center
- Application code scanning throughout the development and release cycle
- Advanced threat detection that identifies abnormal behaviors to identify and thwart threat actors
- Annual security training with frequent refreshers
- Proactive threat hunting
- Ad-hoc phishing testing
- Intrusion detection and prevention systems