Data Security & Compliance
Security Governance
This is a high-level summary of the procedures and technologies we have in place to ensure your data is secure.
Rosterfy has a documented set of policies and procedures that defines our approach to security as an organization. These are shared with all staff and reviewed and updated frequently to ensure our approach to security remains current.
For more detailed information on the specifics of our data security policy click on the link below.
ISO27001 Certified
To provide world-class security, we ensure our platform meets key industry standards. Rosterfy is certified against ISO27001 standards for Information Security compliance.
Rosterfy monitors our system using external and internal vulnerability scanning. We perform frequent audits and security assessments with independent and globally recognised security assessment firms.
Access to Internal Systems and Cloud Platforms
We ensure that access to systems in our IT environment, including the cloud platforms we use, is restricted to employees who specifically require this access for their work.
All administrator access requires multi-factor authentication and employees accessing our environment are required to use an approved VPN solution.
Access permissions to our systems are regularly reviewed on an employee-by-employee basis and modified promptly.
AWS Security
Rosterfy runs on AWS cloud infrastructure. We host customer instances between multiple Availability Zones in three regions (AU, UK, EU and USA).
AWS is accredited by and compliant with a large number of the latest industry standards – more information can be found here: https://aws.amazon.com/artifact.
Protecting Customer Data
Rosterfy takes a number of measures to help protect customer data from inappropriate access or use by unauthorized persons (either external or internal).
Customer data is only stored in our production environment, and access to that data by Rosterfy employees is limited only to the employees who require access to perform their standard duties. Access to customer data is managed using access control and authentication tools (including the use of two factor authentication) provided by Amazon Web Services and our other cloud partners.
For full details please refer to the Rosterfy Privacy Policy found here.
In the rare case that Rosterfy support employees need to access to specific customer data (generally for troubleshooting or support purposes) then Rosterfy will always seek consent from a customer before accessing this data.
Backup of your data
Rosterfy data is backed up at regular intervals to disparate encrypted data storage solutions provided by Amazon Web Services. Backups are replicated to multiple AWS facilities within the customer’s region (APAC, USA or EU).
Role and attribute based access to data & SSO
Rosterfy allows customer created roles to be assigned to users to control what functionality is available for a user, and which records a user is able to see.
These features can be combined with enterprise identity providers to allow customer controlled authentication to the system.
GDPR
Rosterfy’s policies and procedures for data protection align to meet the standards and requirements of the GDPR.
This includes transparency with regard to the use of data as well as the protection of data collected by Rosterfy through our third party servers.
Trusted by large scale event organisers and international charities
