The Human Focus online training system hosts a significant amount of data for our clients which needs to be kept safe and secure. This has to be balanced with the need to allow employees to access data, often from mobile devices and whilst working in locations away from fixed offices. This increasingly includes homeworking and the use of Wi-Fi networks that may not be secure.
We provide an overview of the data security infrastructure we have in place to ensure that our system not only meets all regulatory requirements, but also extends to provide a high level of data security for our clients.
The Human Focus online training system is hosted on the AWS (Amazon Web Services) platform. This cloud-based service is widely acknowledged as being highly secure and provides very reliable control systems for market leading data security.
In addition to using AWS, we also use a range of industry best practices to ensure data security. This includes:
All of these systems and processes enable us to deliver a high level of data security and ensure that our clients' sensitive information has the utmost protection from cyber attacks and other potential data leaks.
The Cyber Essentials Scheme is a UK government backed scheme that helps protect organisations against a wide range of cyber-attacks. We are pleased to say that as part of our cyber security initiative, Human Focus has become Cyber Essentials certified. Cyber Essentials covers the IT infrastructure currently used within our organisation, including but not limited to, servers, workstations, firewall hardware, anti-virus and software applications.
Compliance with this government backed scheme provides our clients with the peace of mind that the Human Focus system is designed to protect against the vast majority of cyber attacks.
Clients access the Human Focus system over the Internet, including via dedicated mobile apps on both Apple and Android devices. To ensure that data links maintain system security, the Human Focus system uses industry leading encryption to protect our data and connections. The technical term for this encryption is TLS (1.1-1.2), using 2048-bit, SHA-256 certificates. Each interaction with the Human Focus system is protected by what are called unique session tokens – these enable us to check that each person who uses the system is properly protected and that there is a verifiable way of checking that this is occurring.
Human Focus regularly tests our online systems for security vulnerabilities and other defects that may affect cyber security.
We subscribe to data security scanning applications that send our internal IT support staff real-time security alerts if there are any unauthorised attempts to use our systems. This real-time monitoring by our dedicated internal IT staff enables us to respond immediately if there are any data threats and to take timely action based on any risks that arise.
All new updates to our online training systems are carefully benchmarked against our internal security guidelines, including the OWASP (Open-Source Foundation for Application Security) Top 10 flaws and other risks as appropriate to the technology. In addition to this, application servers are regularly patched against operating system and software component exploits. Passwords or other credentials are never stored in clear text but are hashed and salted according to industry best practices. We believe in the principle of least privilege. We use separate development, staging, and production environments, and no customer data is present in development or staging environments.
Our server provider AWS (Amazon Web Services) has extensive physical and environmental controls. These include:
Human Focus also has a range of security measures at our physical locations that include:
Access to the backend of our online training system, including the actual servers, is strictly controlled and limited to selected employees within our organisation.
The servers that actually deliver our service are separated from those which we use for development and testing. This insulates them from any new developments until they have been thoroughly tested and also limits the number of our employees who need to actually access the live servers.
All access to our system servers is closely monitored and there is an ongoing log of all interactions so that we are able to go back and check who accessed the system, what they did and what data was transferred. All passwords are highly secure and changed regularly.
System access and logs are stored on a separate, hardened server for auditing purposes. Application access logs, operating system logs and other relevant logs are collected and analysed based on our internal security objectives.
We use strict administrative controls. Access to customer data is restricted to authorised personnel. Access to production servers is limited to only Senior Level employees based on need, and all access is limited, logged and tracked for auditing. Employees in engineering, operations, and developer roles with access to production data have background checks as a condition of employment.
All employees are trained on information security and privacy procedures. At no time is any user data removed from Human Focus-owned computers, and Human Focus machines use appropriate technical measures, including full-disk encryption and VPN (Virtual Private Network) access, to ensure that user data remain secure.
We have in place a robust system to ensure that we are able to maintain a high level of service delivery and to respond effectively in the event of a disaster. These measures include:
Human Focus prides itself on providing a secure system. We take the protection of our clients' data very seriously. As an online training provider we understand that the data we process on behalf of our clients must be protected to the highest possible standard whilst facilitating practical use by their employees.