Security | Crunchtime Restaurant Software Security Information

At Crunchtime, we take security seriously

We employ a multi-point protocol that ensures data integrity, complies with the highest standards, and manages risks. This protocol is leveraged by our Inventory Management, Labor & Scheduling, Learning & Development, and core Operations Execution platforms.

Risk Assessments

Crunchtime performs annual risk assessments and also utilizes third party risk management reviews to ensure we've covered everything.

Testing & Scanning

We perform penetration tests annually, proactively hunt for threats monthly, and scan for vulnerabilities weekly.

Ongoing Training

We deploy company-wide security training quarterly, and provide a custom secure training program for our development teams.

Data Governance & Protection

Our products support HTTPS protocol and multifactor authentication. We ensure sensitive data is encrypted over public transmission and while at rest. Regular backups, built-in redundancy, log monitoring, disaster recovery plans, and business continuity processes ensure your data is protected.

Disaster Recovery

Unlike competitors who merely take daily snapshots of data, which could mean 24 hours of data loss, Crunchtime’s Recovery Point Objective (RPO) is 15 minutes, and our Recovery Time Objective (RTO) is two hours for mission critical inventory and labor data. That’s because in real time we are replicating each customer's environment to a geographically diverse data center resulting in a warm standby environment.

Software Development QA

As we develop software, in addition to manual testing, we have dedicated quality assurance teams that build automated tests against every release. What does that look like? We run more than 10,000 tests to cover most customer use cases and we add new automations as the platform grows. We also operate production-class performance environments to ensure every build is scalable and performant. Crunchtime also embeds security scanning into our release process, ensuring threats are mitigated before anything reaches our customers.

Audit Reports

Crunchtime performs SOC 1-Type 2 (for Crunchtime Inventory and Labor) and SOC 2 – Type 2 audits (for all products), while most of our competitors only perform SOC 1. What’s the difference?

SOC 1 audits focus on the integrity of a company’s financial transactions, while SOC 2 is a framework used by service organizations to demonstrate their security controls and their effectiveness.
SOC 2 is based on five trust principles: security, availability, processing integrity, confidentiality, and privacy. These principles are governed by a set of controls that are tested on a regular basis to ensure their effectiveness–vs. a point in time with SOC 1–and are reviewed by an independent auditor.

Information Security Team

Crunchtime has a mature and robust security program with a dedicated Information Security team that provides the following functions:

24/7 Security Operations Center
Application code scanning throughout the development and release cycle
Advanced threat detection that identifies abnormal behaviors to identify and thwart threat actors
Annual security training with frequent refreshers
Proactive threat hunting
Ad-hoc phishing testing
Intrusion detection and prevention systems

There are plenty of things to worry about when it comes to keeping your restaurants operating, but the security of your technology platforms shouldn’t be one of them.

Ask your technology partners for the details of their security protocols, and if they don't meet the standards Crunchtime commits to, contact us so we can help ensure your operation is protected.

Keep your operations secure