Security

If you have any legal notes regarding our processing of personal data or about Privacy Policy, Terms of Service or our Copyright policy you may contact legal@wearelearning.io

Security Policy

Last updated:

1. Security Governance

  • We have a Security Steering Group (SSG) who oversees our security posture and reports directly to our board.
  • Every team member is informed of their security responsibilities, promoting a culture of accountability and vigilance.

2. Data Protection and Privacy

  • Our data, both in transit and at rest, is encrypted to safeguard its confidentiality and integrity.
  • We classify our data meticulously and manage it according to its sensitivity, ensuring compliance with global data protection regulations.
  • Annual audits are planned to ensure ongoing compliance with standards such as GDPR and CCPA, reinforcing our commitment to data privacy.

3. Access Control

  • By adhering to the principle of least privilege and implementing role-based access control (RBAC), we ensure that access to sensitive information is strictly regulated.
  • Multi-factor authentication (MFA) is a standard practice for accessing our systems, enhancing our security framework.
  • Access permissions are regularly reviewed and adjusted in response to role changes or employment status updates, maintaining the integrity of our access control measures.

4. Incident Response and Management

  • We have a robust incident response plan that outlines clear procedures for managing security incidents, including how we notify affected customers and stakeholders.
  • Through regular drills, we ensure our team is prepared to respond effectively to security incidents.
  • Compliance with legal and regulatory reporting requirements is strict, with significant incidents reported to authorities within the mandated timeframe.

5. Network Security

  • Our network is protected with firewalls, intrusion detection, and prevention systems, monitoring and safeguarding our traffic 24/7.
  • Network security assessments and penetration testing are performed regularly, identifying and mitigating vulnerabilities proactively.

6. Application Security

  • We follow a secure software development lifecycle (SDLC) that integrates security reviews, vulnerability assessments, and code analysis.
  • Application vulnerabilities are routinely scanned using advanced security tools, ensuring our applications are resilient against attacks.
  • We strive to keep all third-party software and dependencies updated automatically, minimizing the risk posed by known vulnerabilities.

7. Employee Training and Awareness

  • Security awareness training is an ongoing activity for all employees, covering critical topics such as phishing and secure internet practices.
  • Employees are encouraged to report any suspicious activity to the SSG, contributing to our proactive security stance.

8. Vendor and Third-Party Security

  • We rigorously assess the security practices of third-party vendors before and during our engagement with them.
  • Our contracts with vendors include specific security requirements and obligations, ensuring they meet our high standards.
  • Vendor compliance is continuously monitored, managing the risks associated with third-party access to our data effectively.

At We Are Learning, these practices are not just policies; they are the foundation of our daily operations, ensuring the security and trust of our customers and partners.

Any questions on this topic?

Sign up for newsletters

Don't miss out on our latest news. Get the inside knowledge on product updates and upcoming events.

Privacy policy
© WE ARE 2024