Expert360 Security & Trust
Last Updated: December 2023
Expert360 values the trust of our clients and Experts. We have always worked, and always will work, diligently to ensure your data is kept safe and secure. If something doesn't seem right, please flag it for our attention and our dedicated team will get back to you as soon as possible.
Experts
- Real People: At Expert360, we want to make sure everyone is using real identities. We don't allow multiple people to use a single Expert360 account, and we may ask follow-up verification questions to confirm your identity.
- Identity Verification: Experts confirm their identity during the sign-up process, providing first and last names, phone number, and email address. We offer account verification via text or email confirmation. We may contact you with follow-up verification questions so we can confirm your identity.
- Screening and Vetting: Our internal talent team conducts thorough screening to verify not only your identity, but also your eligibility for our platform. When Experts apply for work, Clients have the opportunity to ask them screening questions. We take the quality of the Experts on our marketplace very seriously.
- Marketplace Integrity: Experts must adhere to our marketplace terms and policies, ensuring honesty and accuracy in their applications. Fairly representing your skills and expertise ensures a smooth work experience for everyone involved.
- Ongoing Support: For any issues or concerns during a project, Experts have a dedicated internal contact as part of our service.
Clients
- Real Work: We have rules for creating job postings and we're always monitoring to make sure they're upheld. Once a job is submitted, we'll review it within 60 minutes. If it's not legitimate, it doesn't get on the site.
- Organisation Privacy: We diligently protect the data about your organisation within our platform. You can hide your organisation name if you’re hiring for sensitive positions. Project titles and summaries are always public, however.
- Feedback on Experts: We require feedback after each engagement. This helps Expert360 and prospective clients to find the best Experts. We take appropriate action on neutral or bad reviews.
Technology & Data
Employees & Data Access
- Dedicated Team: Our in-house Product and Engineering team is committed to the integrity of our online marketplace.
- Employee Device Protection: We’ve partnered with CrowdStrike for corporate device security.
- Role-Based Access: We ensure only necessary access to your data is granted for our team members.
- Data Storage: Client and Expert data are stored in our AWS data warehouses in the Sydney region with 256-bit AES encryption.
- Anonymized Reporting: Personally identifiable data is anonymized before being sent to our data warehouse.
Maintaining Security Standards
- Platform Penetration Testing: We do annual third-party testing to ensure our platform is secure. These tests are based on the NIST, CIST & OWASP frameworks, and ensure we’re kept honest with how we handle your data.
- Critical Systems Protection: We use role-based access, SSO, and 2FA for internal systems.
- Vulnerability Management: We’re continually scanning our platform for threats or bad actors.
- Zero Trust Data Model: We’re continuously working to strengthen our zero trust security model protecting staff identities, corporate devices, and internal IP.
- Policy Review: We make regular updates to our internal policies and procedures. These policies include, but are not limited to, Incident Management and Response, Data Classification, Information Security, Change Management, and User Access policies.
- Technology Due Diligence: We thoroughly evaluate any new technology or partner we work with for data protection.
- AI Use Policy: With AI playing such a big role in how we do work, we have rolled out, and maintain, an Acceptable Use of AI policy with a view to protecting Expert and Client data.
- Incident Response and Handling: We have a robust incident response protocol to quickly and effectively handle any security incidents. This includes immediate investigation, mitigation steps, and transparent communication with affected parties.