Data Security in LMS - Secure Online Learning System - TalentLMS

Security

Security

We recognize that security is critical to you and your success. This is a responsibility we take seriously, and we work with security researchers to stay up to date with the most recent practices in web security.

While we cannot reveal every measure we have in place (as this could be used against us by the very actors we protect ourselves against), we can give you a high-level overview of how we actively keep you and your data safe. 

If you have any questions after you’ve read this, please let us know.

 

Certifications

ISO 27001: This standard demonstrates that we manage the security of our information according to the practice internationally recognized as the best. The ISO 27001 certificate means we protect our customer and employee information, manage risk effectively, and comply with other regulations.

ISO 9001: Compliance with ISO 9001 confirms that the quality of our product and the processes we use are efficient. The standard also demonstrates that we consistently build products that people want and we meet all types of regulatory requirements.

GDPR compliant: We comply with the European Union General Data Protection Regulation in the way we store, retrieve, and protect your data.

Privacy Shield:  We undergo annual verification under the Privacy Shield verification program.  This means we comply with their principles for all onward transfers of personal data from the EU and the UK to TalentLMS.

 

Cloud Infrastructure

TalentLMS is exclusively hosted on Amazon Web Services (AWS). AWS is recognized for data centers that are built to withstand all types of threats and are certified for high quality and security.

  • We use storage infrastructure designed for mission-critical and primary data storage. And AWS guarantees reliable data storage.
  • We take backups that are stored on multiple devices across multiple facilities in multiple availability zones. Daily backups ensure we can restore your data in case of failure or accidental deletion.
  • All files that you upload are stored on servers that use the latest techniques to remove bottlenecks and points of failure.
  • We use different storage for user and application data. These servers are not exposed anywhere but the internal network, which is isolated from the internet.
  • We use load balancers to ensure TalentLMS is online even with high traffic. Load balancers distribute requests to multiple servers, and this ensures that TalentLMS can withstand attacks like DDoS.
  • All AWS servers are encrypted with AES-256. This is the same level of encryption the US government uses for Top Secret information.

 

Application Security

To keep our users and their data safe, we continually and carefully monitor, fix and prevent any security vulnerabilities.

  • TalentLMS runs behind a firewall and is updated regularly with the latest security patches.
  • We use automated tools to review and automatically scan TalentLMS for well-known vulnerabilities. 
  • We have a Bug Bounty program that allows us to receive feedback on potential issues. 
  • All information passed back and forth between our server and your computer is encrypted (SSL/TLS 1.2). This means if anyone were to "listen in" and try to get to this data, they wouldn’t be able to read or decrypt it.
  • We have strong password policies and alternative secure means of authentication. Your passwords are stored, hashed and salted in encrypted servers, which means TalentLMS staff don’t know or have access to your password.
  • We use in-depth monitoring services to visualize performance, detect irregular activity patterns, and ensure that our entire infrastructure is functioning as it should. This leads to excellent service performance and uptime.
  • In addition to security offered by Amazon Web Services, we also run an Intrusion Detection and Prevention System.

 

Internal Security

At TalentLMS, we promote a culture of security, so all our employees understand its importance.

  • Before hiring, we conduct background checks.
  • All employees sign confidentiality agreements.
  • All employees are trained in security and privacy, including best security practices, information on new threats and vulnerabilities, as well as privacy and legal/regulatory issues.
  • We never download customer data on our premises.
  • We have dedicated specialized teams that monitor the regulatory and legal requirements continually, as well as enforce privacy and security requirements.
  • We are insured against cybersecurity incidents

 

We protect your billing information

  • Your card information is transmitted, stored, and processed securely on a PCI-Compliant network, where all transactions are processed using secure encryption - the same level of encryption used by leading banks.
  • We do not keep credit card information on our infrastructure in any way.