At GrowMore Recruitment, we prioritise the security and integrity of our information systems. Our Vulnerability Management Policy is designed to safeguard our infrastructure and applications against potential threats, ensuring the highest levels of protection for our data and operations. By proactively identifying, evaluating, and mitigating vulnerabilities, we uphold our commitment to providing a secure environment for our clients and stakeholders. This policy outlines our comprehensive approach to vulnerability management, detailing the procedures and responsibilities that underpin our security practices.
Objectives
GrowMore Recruitment is committed to preventing the exploitation of technical vulnerabilities by ensuring:
- Timely acquisition of information about technical vulnerabilities.
- Comprehensive evaluation of exposure to vulnerabilities.
- Implementation of appropriate measures to mitigate risks associated with vulnerabilities.
- Installation of software is restricted to approved personnel only.
Scope
This policy is applicable to all GrowMore Recruitment infrastructure resources within the organisation and product application code and resources supporting GrowMore Recruitment and GrowMore Marketing software applications.
Policy
Software Installation
Only authorised personnel are permitted to install software on designated systems. This ensures that all software installations are secure and compliant with GrowMore Recruitment’s security protocols.
Penetration Testing
GrowMore Recruitment conducts regular penetration testing to identify and address system-level vulnerabilities. This includes weekly reverse reachability tests and annual third-party penetration tests. The results from these tests generate vulnerability reports, which are tracked and remediated based on their scope and severity.
Penetration testing supplements, but does not replace, other vulnerability monitoring strategies. These tests provide an external evaluation of GrowMore Recruitment’s internal vulnerability management processes, helping to enhance our security measures.
Operating System Vulnerabilities
The infrastructure team actively monitors security announcements for GrowMore Recruitment’s preferred operating system. When new vulnerabilities are identified, the team assesses the potential risks and applies patches or temporary mitigations within a week, often sooner. This proactive approach may lead to the initiation of an Information Security Incident.
Application Vulnerabilities
Source Code: In addition to regular internal and annual external penetration tests, developers scrutinise changes made to application code for vulnerabilities.
Dependencies: If high-severity vulnerabilities are detected, they halt the application build process, compelling developers to address them immediately. The impact of these vulnerabilities is assessed, leading to patches, dependency upgrades, or other temporary measures. Emergency releases may also be issued to resolve critical vulnerabilities, which could result in an Information Security Incident.
Responsibilities
- Infrastructure Team: Responsible for monitoring, evaluating, and mitigating system-level vulnerabilities.
- Developers: Responsible for monitoring, evaluating, and mitigating application-level vulnerabilities.
Commitment to Security
GrowMore Recruitment is dedicated to maintaining robust vulnerability management practices to ensure the security and integrity of our systems. By continuously monitoring and addressing vulnerabilities, we aim to protect our information assets and provide a secure environment for our clients and stakeholders.
For further information or questions regarding our Vulnerability Management Policy, please contact our IT security team.