Security
Customers in more than 30 countries trust Learnifier with their data. This is not something we take lightly. We combine enterprise-class security features with comprehensive audits of our applications, systems, and networks to ensure customer and business data is always protected. And our customers rest easy knowing their information is safe, their interactions are secure, and their businesses are protected.
Data center and network security
We ensure the confidentiality and integrity of your data with industry best practices. Learnifier servers are hosted at Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001 compliant facilities. Our Security Team is on call 24/7 to respond to security alerts and events.
Application Security
We take steps to securely develop and test against security threats to ensure the safety of our customer data. In addition, third-party security experts have performed detailed penetration tests on our customers' behalf.
Product security features
We make it seamless for customers to manage access and sharing policies with authentication and single sign-on (SSO) options. All communications with Learnifier servers are encrypted using industry standard HTTPS over public networks, meaning the traffic between you and Learnifier is secure.
AVAILABILITY & CONTINUITY
Learnifier employs service clustering and network redundancies to eliminate single points of failure. Our strict backup regime ensures Service Data is actively replicated across DR systems and facilities.
Redundancy
Our Disaster Recovery (DR) program ensures that our services remain available or are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing.
Disaster Recovery
ENCRYPTION
Communications between you and Learnifier are encrypted via industry best-practices HTTPS and Transport Layer Security (TLS) over public networks. TLS is also supported for encryption of emails.
Encryption in Transit
All customers of Learnifier benefit from the protections of encryption at rest for offsite storage of full daily backups. Databases containing sensitive information are also encrypted at rest.
Encryption at Rest
NETWORK SECURITY
Our Security Team is on call 24/7 to respond to security alerts and events.
Dedicated Security Team
Our network is protected by redundant firewalls, best-in-class router technology, secure HTTPS transport over public networks, regular audits, and network Intrusion Detection and/or Prevention technologies (IDS/IPS) which monitor and/or block malicious traffic and network attacks.
Protection
Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized between the Internet, and internally between the different zones of trust.
Architecture
Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.
Network Vulnerability Scanning
Major application data flow ingress and egress points are monitored with Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS). The systems are configured to generate alerts when incidents and values exceed predetermined thresholds, and they use regularly updated signatures based on new threats. This includes 24/7 system monitoring.
Intrusion Detection and Prevention
Access to the Learnifier Production Network is restricted on an explicit need-to-know basis, utilizes least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the Learnifier Production Network are required to use multiple factors of authentication.
Logical Access
In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.
Security Incident Response
Data center and network security
PHYSICAL SECURITY
Learnifier servers are hosted at Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001 compliant facilities. Our co-location servers are logically separated from other data center customers. Data center facilities are powered by redundant power, each with UPS and backup generators.
Facilities
Our data center facilities feature a secured perimeter with multi-level security zones, 24/7 manned security, CCTV video surveillance, multifactor identification with biometric access control, physical locks, and security breach alarms.
On-site Security
All Production Network systems, networked devices, and circuits are constantly monitored and logically administered by Learnifier staff. Physical security, power, and internet connectivity beyond co-location cage doors or hosting services are monitored by the facilities providers.
Monitoring
Learnifier leverages data centers in Europe. Learnifier also leverages communication infrastructure services located in Europe, USA and other countries.
Location
Application security
SECURE DEVELOPMENT (SDLC)
At least annually, engineers participate in secure code training covering OWASP Top 10 security flaws and common attack vectors.
Security Training
Testing and staging environments are separated physically and logically from the Production environment. No actual Service Data is used in the development or test environments.
Separate Environments
ADDITIONAL PRODUCT SECURITY FEATURES
Access to data within Learnifier is governed by access rights, and can be configured to define granular access privileges. Learnifier has various permission levels for users (back office admin, client admin, trainer, end user, etc.).
Access Privileges & Roles
All communications with Learnifier servers are encrypted using industry standard HTTPS over public networks. This ensures that all traffic between you and Learnifier is secure during transit. Additionally, for email, we support Transport Layer Security (TLS), a protocol that encrypts and delivers email securely, mitigating eavesdropping and spoofing between mail servers, assuming that the receiving end supports it.
Transmission Security
Learnifier offers DKIM (DomainKeys Identified Mail) for signing outbound emails from Learnifier. Using an email service that supports these features allows you to stop email spoofing.
Email Signing (DKIM)
Product security features
AUTHENTICATION SECURITY
We offer a Learnifier sign-in solution. You may also enable SSO using SAML or log in using Facebook, Google or LinkedIn.
Authentication Options
Single sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials for your Learnifier Support instance. We support Security Assertion Markup Language (SAML).
Single sign-on (SSO)
Learnifier follows secure credential storage best practices by never storing passwords in human readable format, and only as the result of a secure, salted, one-way hash.
Secure Credential Storage
The Learnifier API is SSL-only and you must have permissions to get authorization tokens to be able to make requests.
API Security & Authentication
EMPLOYEE VETTING
Learnifier performs background checks on all new employees in accordance with local laws. These checks are also required to be completed for contractors. The background check includes criminal, education, and employment verification.
Background Checks
All new hires are screened through the hiring process and required to sign Non-Disclosure and Confidentiality agreements.
Confidentiality Agreements
Additional security methodologies
SECURITY AWARENESS
Learnifier has developed a comprehensive set of security policies covering a range of topics. These policies are shared with, and made available to, all employees and contractors with access to Learnifier information assets.
Policies
All new employees attend Security Awareness Training, which is given upon hire and annually thereafter. All engineers receive annual Secure Coding Training. The Security team provides additional security awareness updates via email and in presentations during internal events.
Training