Security

Learning Pool is committed to protecting your data, meeting the requirements of information security good practice and seeking ways in which we can improve our security to mitigate new risks.

We are proud to be certified to the international standard for information security, ISO 27001.

  • Our customers need to know that their data is safe and secure – especially with a large proportion of their learners working with confidential information on a daily basis.
  • Doing business with us means that you can be assured of standardised security levels and practices which have been independently verified by a third-party auditor.
  • Information security management has given Learning Pool the freedom to grow, innovate and broaden our customer-base in the knowledge that all confidential information will remain that way.

A copy of our certification can be viewed here and our Commitment to Security Policy here.

We are also Cyber Security Essentials Certified. You can view our certificate here.

 


Your security is our priority

    
Third Party Audits

In addition to hosting information on AWS, Learning Pool has completed an independent third-party audit of its own management and data systems.

This audit involves a rigorous review of our technology infrastructure and operational processes, and represents our commitment to customer security on an ongoing basis.

More information on ISO 27001 is available here.

    
World-class data centers

Learning Pool’s physical infrastructure is hosted and managed within Amazon’s secure data centers and leverages Amazon Web Services (AWS) and Amazon Elastic Compute Cloud (EC2) technology.

The data is physically stored on servers in the UK and backups are completed every day with a retention period of 7 daily, 4 weekly and 12 monthly database backups. For file system backups we have a 14 day retention policy.

Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

Amazon’s data center operations have been accredited under:
•   ISO 27001 and ISO 27017/8
•   SOC 1, SOC 2 and SOC 3 / SSAE 16/ISAE 3402 (previously SAS 70 Type II)
•   PCI DSS Level 1

AWS has also given special attention in the USA and EU to complying with any new or changing regulations, such as:
•   Sarbanes-Oxley (SOX)
•   HIPAA
•   Safe Harbor / Privacy Shield
•   FISMA
•   FEDRAMP
•   DOD SRG
•   EU Data Protection Directive (GDPR)

A full list of Amazon’s certifications is available here.

    
Secure transmission

All communication between Learning Pool servers and the client browser is secured using the industry standard Transport Layer Security (TLS).

Learning Pool supports the most relevant and secure level of TLS (currently 1.1 and above).

The connection supports encryption using AES-256 CBC with SHA256 for message authentication and ECDHE RSA as the key exchange mechanism.

    
Your password is stored securely

All user passwords are hashed. Hashing passwords means we don’t have access to the original passwords, nor does anyone else.

So even if our database were compromised, everyone’s passwords would stay secure.

    
Penetration and vulnerability testing

Learning Pool conducts annual third-party penetration testing on its systems to validate and confirm that there are no technical vulnerabilities that may have been missed.

Executive summaries are also available on request.

For more information about our security policy, please email hello@learningpool.com
