Security Information

Our commitment to protecting your data

Security Overview

At RoleCall, we take the security of your data seriously. This page outlines the comprehensive security measures we implement to protect your organization's job evaluation data, employee information, and all sensitive information processed through our platform.

Infrastructure Security

Data Centers
  • UK-based servers
  • ISO 27001 certified facilities
  • 24/7 physical security
  • Redundant power & cooling
Network Security
  • Enterprise firewalls
  • DDoS protection
  • Intrusion detection systems
  • Network segmentation

Data Protection

Encryption
  • In Transit: TLS 1.3 for all data transmission
  • At Rest: AES-256 encryption for stored data
  • Database: Encrypted database connections
  • Backups: Encrypted backup storage
Data Handling
  • Secure data deletion protocols
  • Regular data integrity checks
  • Automated backup systems with point-in-time recovery
  • Geographic backup redundancy

Application Security

Authentication
  • JWT-based secure authentication
  • Strong password requirements
  • Session timeout controls
  • Account lockout protection
Authorization
  • Role-based access control (RBAC)
  • Principle of least privilege
  • API rate limiting
  • IP whitelisting available
Security Features
  • CSRF protection on all forms
  • XSS prevention through input sanitization
  • SQL injection prevention via parameterized queries
  • Security headers implementation (HSTS, CSP, X-Frame-Options)
  • Regular dependency updates and vulnerability scanning

Compliance & Standards

  • UK GDPR: Fully compliant
  • Data Protection Act 2018: Compliant
  • ISO 27001: Standards aligned

Monitoring & Incident Response

Continuous Monitoring
  • 24/7 system monitoring and alerting
  • Real-time threat detection
  • Automated security scanning
  • Performance and availability monitoring
  • Comprehensive audit logging
Incident Response
  • Dedicated security response team
  • Defined incident response procedures
  • 72-hour breach notification commitment
  • Regular incident response drills
  • Post-incident analysis and improvement

Organizational Security

Our Team
  • Background checks for all employees
  • Regular security training and awareness
  • Signed confidentiality agreements
  • Principle of least privilege access
  • Regular access reviews and audits
Development Practices
  • Secure coding standards
  • Code review requirements
  • Regular penetration testing
  • Vulnerability assessments
  • Security testing in CI/CD pipeline

Security Best Practices for Users

Help us keep your data secure:
  • Use strong, unique passwords for your account
  • Enable two-factor authentication when available
  • Keep your browser and operating system updated
  • Be cautious of phishing attempts
  • Log out when using shared computers
  • Report suspicious activity immediately
  • Regularly review user access permissions

Reporting Security Issues

If you discover a security vulnerability or have security concerns, please contact us immediately:

Security Team Contact

Email: security@rolecall.uk

Emergency Hotline: +44 20 7123 9999

We appreciate responsible disclosure and will work with security researchers to address issues promptly.

Security Updates

We continuously improve our security measures. For the latest updates on our security practices and any security advisories, please check this page regularly or subscribe to our security bulletin.

Your Security is Our Priority

Last security audit: December 2024
Next scheduled audit: March 2025