Crowdin Information Security Policy requirements apply to the entire Crowdin organization and are mandatory for all employees and those involved in these business processes. ISMS is built on three pillars: people, processes, and technology. A dedicated Chief Information Security Officer (CISO) is responsible for ensuring the proper protection of information assets and technologies.
Security Training and Awareness
At Crowdin, all employees complete ongoing security and awareness training throughout the year. Each new team member completes basic security training within the first month of hire. We conduct regular access audits and password updates, and we operate on the principle of least privilege. Role-specific security training is also required.
All employee laptops have encrypted hard drives. Only the appointed system administrator conducts hardware and software installation, configuration, or alteration. Delivery and removal of equipment to/from the data center facility are authorized, logged, and monitored. User-specific access credentials (e.g., a user ID/password pair) are required to access workstation equipment, services, and applications.
Crowdin’s office is monitored and protected by an alarm system and equipped with fire alarm systems. Closed-circuit (CCTV) cameras are installed across the office and capture entrances, exits, and other designated areas. Crowdin employees do not have physical access to any of our production facilities, as our whole infrastructure is in the cloud. Secure areas are protected with entry controls, so only authorized personnel are allowed access.
Our internal network is restricted, segmented, and password-protected, and all network security-related events are logged.
Crowdin employs a team of 24/7/365 server specialists to keep our software and its dependencies up to date, removing potential security vulnerabilities. We use monitoring solutions to prevent and eliminate site attacks.
Crowdin implements a protocol for handling security events that includes escalation procedures, rapid mitigation, and post-mortem. All employees are informed of our policies.
Crowdin performs background checks on all new employees, contractors, or other individuals who have access to systems or the network or physical data center facilities in accordance with local laws.
Third-Party & Supplier Security
Crowdin maintains vendor risk management practices to ensure third parties are scrutinized and maintain expected levels of security controls. View our List of Sub-processors.