We recognize that security is critical. This is a responsibility we take seriously, and we work with security conscious companies to stay up to date with the most recent practices in web security.
While we cannot reveal every measure we have in place (as this could be used against us by the very actors we protect ourselves against), we can give you a high-level overview of how we actively keep you and your data safe.
If you have any questions after you’ve read this, please let us know.
EXAMINATION SECURITY
Online examinations naturally present a less stressful and comfortable testing environment that contributes to individual’s better test performance, higher level of reliability of scoring compared to a test center, and provides a generally better experience. To manage risk and ensure proper security while providing the benefits of online testing, our platform brings you advanced technology and key security features.
Our testing platform UI:
- requires secure individual login
- contains alternate question banks
- contains alternate video files
- uses randomized question selection
- uses a copy block
- is secured by Amazon Web Services
CERTIFICATIONS
ISO 27001: This standard demonstrates that we manage the security of our information according to the practice internationally recognized as the best. The ISO 27001 certificate means we protect our customer information, manage risk effectively, and comply with other regulations.
ISO 9001: Compliance with ISO 9001 confirms that the quality of our product and the processes we use are efficient. The standard also demonstrates that we consistently meet all types of regulatory requirements.
GDPR compliant: We comply with the European Union General Data Protection Regulation in the way we store, retrieve, and protect your data.
CLOUD INFRASTRUCTURE
Our content is exclusively hosted on Amazon Web Services (AWS). AWS is recognized for data centers that are built to withstand all types of threats and are certified for high quality and security.
- We use storage infrastructure designed for mission-critical and primary data storage. And AWS guarantees reliable data storage.
- We take backups that are stored on multiple devices across multiple facilities in multiple availability zones. Daily backups ensure we can restore your data in case of failure or accidental deletion.
- All files that you upload are stored on servers that use the latest techniques to remove bottlenecks and points of failure.
- We use different storage for user and application data. These servers are not exposed anywhere but the internal network, which is isolated from the internet.
- We use load balancers to ensure we are online even with high traffic. Load balancers distribute requests to multiple servers, and this ensures that we can withstand attacks like DDoS.
- All AWS servers are encrypted with AES-256. This is the same level of encryption the US government uses for Top Secret information.
APPLICATION SECURITY
To keep our users and their data safe, we continually and carefully monitor, fix and prevent any security vulnerabilities.
- Our platform runs behind a firewall and is updated regularly with the latest security patches.
- We use automated tools to review and automatically scan for well-known vulnerabilities.
- All information passed back and forth between our server and your computer is encrypted (SSL/TLS 1.2). This means if anyone were to “listen in” and try to get to this data, they wouldn’t be able to read or decrypt it.
- We have strong password policies and alternative secure means of authentication. Your passwords are stored, hashed and salted in encrypted servers, which means even our staff does not know or have access to your password.
- We use in-depth monitoring services to visualize performance, detect irregular activity patterns, and ensure that our entire infrastructure is functioning as it should. This leads to excellent service performance and uptime.
- In addition to security offered by Amazon Web Services, we also run an Intrusion Detection and Prevention System.
INTERNAL SECURITY
We promote a culture of security, so all our employees understand its importance.
- We conduct background checks.
- All employees sign confidentiality agreements.
- All employees are trained in security and privacy, including best security practices, information on new threats and vulnerabilities, as well as privacy and legal/regulatory issues.
- We never download customer data on our premises.
- We have dedicated specialized teams that monitor the regulatory and legal requirements continually, as well as enforce privacy and security requirements.
BILLING SECURITY
- Your card information is transmitted, stored, and processed securely on a PCI-Compliant network, where all transactions are processed using secure encryption – the same level of encryption used by leading banks.
- We do not keep credit card information on our infrastructure in any way.
Effective Date: September 17, 2020