We ensure the confidentiality and integrity of your data with industry best practices. Learnifier servers are hosted at Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001 compliant facilities. Our Security Team is on call 24/7 to respond to security alerts and events.
We take steps to securely develop and test against security threats to ensure the safety of our customer data. In addition, third party security experts has performed details penetration tests on our customers behalf.
We make it seamless for customers to manage access and sharing policies with authentication and single-sign on (SSO) options. All communications with Learnifier servers are encrypted using industry standard HTTPS over public networks, meaning the traffic between you and Learnifier is secure.
- Facilities Learnifier servers are hosted at Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001 compliant facilities. Our co-location servers are logically separated from other data center customers. Data center facilities are powered by redundant power, each with UPS and backup generators.
- On-site Security Our data center facilities feature a secured perimeter with multi-level security zones, 24/7 manned security, CCTV video surveillance, multifactor identification with biometric access control, physical locks, and security breach alarms.
- Monitoring All Production Network systems, networked devices, and circuits are constantly monitored and logically administered by Learnifier staff. Physical security, power, and internet connectivity beyond co-location cage doors or Amazon services are monitored by the facilities providers.
- Location Learnifier leverages data centers in the Europe. Learnifier also leverages communication infrastructure services located in Europe, USA and other countries.
- Dedicated Security Team Our Security Team is on call 24/7 to respond to security alerts and events.
- Protection Our network is protected by redundant firewalls, best-in-class router technology, secure HTTPS transport over public networks, regular audits, and network Intrusion Detection and/or Prevention technologies (IDS/IPS) which monitor and/or block malicious traffic and network attacks.
- Architecture Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized between the Internet, and internally between the different zones of trust.
- Network Vulnerability Scanning Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.
- Intrusion Detection and Prevention Major application data flow ingress and egress points are monitored with Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS). The systems are configured to generate alerts when incidents and values exceed predetermined thresholds and uses regularly updated signatures based on new threats. This includes 24/7 system monitoring.
- Logical Access Access to the Learnifier Production Network is restricted by an explicit need-to-know basis, utilizes least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the Learnifier Production Network are required to use multiple factors of authentication.
- Security Incident Response In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.
- Encryption in Transit Communications between you and Learnifier are encrypted via industry best-practices HTTPS and Transport Layer Security (TLS) over public networks. TLS is also supported for encryption of emails.
- Encryption at Rest All customers of Learnifier benefit from the protections of encryption at rest for offsite storage of full daily backups. Databases containing sensitive information are also encrypted at rest.
AVAILABILITY & CONTINUITY
- Redundancy Learnifier employs service clustering and network redundancies to eliminate single points of failure. Our strict backup regime ensures Service Data is actively replicated across DR systems and facilities.
- Disaster Recovery Our Disaster Recovery (DR) program ensures that our services remain available or are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing.
SECURE DEVELOPMENT (SDLC)
- Security Training At least annually, engineers participate in secure code training covering OWASP Top 10 security flaws and common attack vectors.
- Separate Environments Testing and staging environments are separated physically and logically from the Production environment. No actual Service Data is used in the development or test environments.
- Authentication Options We offer a Learnifier sign-in solution. You may also enable SSO using SAML or login using Facebook, Google or LinkedIn.
- Single sign-on (SSO) Single sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials for your Learnifier Support instance. We support Security Assertion Markup Language (SAML)
- Secure Credential Storage Learnifier follows secure credential storage best practices by never storing passwords in human readable format, and only as the result of a secure, salted, one-way hash.
- API Security & Authentication The Learnifer API is SSL-only and you must have permissions to get authorization tokens to be able to make requests.
ADDITIONAL PRODUCT SECURITY FEATURES
- Access Privileges & Roles Access to data within Learnifier is governed by access rights, and can be configured to define granular access privileges. Learnifier has various permission levels for users (back office admin, client admin, trainer, end user, etc.).
- Transmission Security All communications with Learnifier servers are encrypted using industry standard HTTPS over public networks. This ensures that all traffic between you and Learnifier is secure during transit. Additionally for email, we support Transport Layer Security (TLS), a protocol that encrypts and delivers email securely, mitigating eavesdropping and spoofing between mail servers assuming that the receiving end supports it.
- Email Signing (DKIM) Learnifier offers DKIM (Domain Keys Identified Mail) for signing outbound emails from Learnifier. Using an email service that supports these features allows you to stop email spoofing.
- Policies Learnifier has developed a comprehensive set of security policies covering a range of topics. These policies are shared with, and made available to, all employees and contractors with access to Learnifier information assets.
- Training All new employees attend a Security Awareness Training which is given upon hire and annually thereafter. All engineers receive annual Secure coding Training. The Security team provides additional security awareness updates via email, in presentations during internal events.
- Background Checks Learnifier performs background checks on all new employees in accordance with local laws. These checks are also required to be completed for contractors. The background check includes criminal, education, and employment verification.
- Confidentiality Agreements All new hires are screened through the hiring process and required to sign Non-Disclosure and Confidentiality agreements.