Access to the backend of our online training system, including the actual servers, is strictly controlled and limited to selected employees within our organisation.
The servers that actually deliver our service are separated from those which we used for development and testing. This insulates them from any new developments until they have been thoroughly tested and also limits of our employees who need to actually access the live servers.
All access to our system servers is closely monitored and there is an ongoing log of all interactions so that we are able to go back and check who accessed the system, what they did and what data was transferred. All passwords are highly secure and changed regularly.
System access and logs are stored on a separate, hardened server for auditing purposes. Application access logs, operating systems logs and other relevant logs are collected and analysed based on our internal security objectives.
We are using strict administrative controls. Access to customer data is restricted to authorised personnel. Access to production servers is limited to only Senior Level employees based on need and All access is limited, logged and tracked for auditing. Employees in engineering, operations, and developer roles with access to production data have background checks as a condition of employment.
All employees are trained on information security and privacy procedures. At no time is any user data removed from Human Focus-owned computers, and Human Focus machines use appropriate technical measures, including full-disk encryption and VPN (Virtual Private Network) access, to ensure that user data remain secure.