The Data Security Arrangements for the Human Focus Online Training System

Introduction

The Human Focus online training system hosts a significant amount of data for our clients which needs to be kept safe and secure. This has to be balanced with the need to allow employees to access data, often from mobile devices and whilst working in locations away from fixed offices. This increasingly includes people working from home and the use of Wi-Fi networks that may not be secure.

In this article, we provide an overview of the data security infrastructure we have in place to ensure that our system not only meets all regulatory requirements but also extends to provide a high level of data security for our clients.

Overview

The Human Focus online training system is hosted on the AWS (Amazon Web Services) platform. AWS is widely recognised as a mature and highly secure cloud platform. Under the AWS shared responsibility model, AWS secures the underlying data centres, hardware and virtualisation layer, while Human Focus remains responsible for securing the applications, data and access controls we build on top of it; the rest of this article describes how we meet those responsibilities.

In addition to using AWS, we follow a range of industry best practices to ensure data security. These include:

Using suppliers to our system who are ISO/IEC 27001 certified. ISO/IEC 27001 is the international standard for information security management systems.

Auditing our systems to ensure that we comply with the GDPR (General Data Protection Regulation) and Data Protection Act.

Encryption of client connections and data (see Data Encryption below).

Network access controls to ensure that only authorised Human Focus employees can access client data, only where it is relevant to their work, and in a way that is strictly controlled.

A comprehensive range of disaster recovery and data backup measures to protect our clients' data in the event of a failure.

A comprehensive internal data security programme which is based on the UK government backed Cyber Essentials programme.

Vulnerability scans of our IT systems and control processes to verify compliance with these practices.

Security arrangements for our physical locations.

Software development teams equipped with tools that help them build secure applications from the very beginning of the software development life cycle.

Together, these systems and processes enable us to deliver a high level of data security and to keep our clients' data well protected against cyber attack and other potential data leaks.

Cyber Essentials Scheme Certification

The Cyber Essentials Scheme is a UK government-backed scheme that helps protect organisations against a wide range of common cyber attacks. We are pleased to say that, as part of our cyber security initiative, Human Focus has become Cyber Essentials certified. Cyber Essentials covers the IT infrastructure currently used within our organisation, including, but not limited to, servers, workstations, firewall hardware, anti-virus software and software applications.

Certification against this government-backed scheme gives our clients the assurance that the Human Focus system is designed to protect against the most common, commodity cyber attacks that the scheme targets.


Data Encryption

Clients access the Human Focus system over the Internet, including via dedicated mobile apps on both Apple and Android devices. To keep these connections secure, the Human Focus system encrypts data in transit: encryption locks the data so that an unauthorised party who intercepts it cannot read it. The connection is protected with TLS (Transport Layer Security, versions 1.1 and 1.2), using certificates with 2048-bit RSA keys and SHA-256 signatures. Note that TLS 1.0 and 1.1 were formally deprecated by the IETF in RFC 8996 (2021) and are disabled by default in current browsers and mobile operating systems, so TLS 1.2 should be treated as the minimum version a server accepts. Each session with the Human Focus system is identified by a unique session token, which lets the server confirm on every request that it is dealing with an authenticated user, and gives a verifiable record that this check has taken place.
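The two mechanisms described above, a server-side TLS configuration that refuses the deprecated versions and a session-token store, as an added example written for this article rather than code from the Human Focus system. The session lifetime, the in-memory store and the "allow TLS 1.1" switch are illustrative assumptions; certificate loading is left to the caller.

```python
"""Added example (not Human Focus code): a TLS server context with a safe
minimum version, and a minimal server-side session-token store.
Lifetime, store and the weak-configuration switch are assumptions."""
import hashlib
import hmac
import secrets
import ssl
import time

SESSION_LIFETIME_SECONDS = 8 * 3600  # assumed: one working day


def make_server_context(allow_tls11=False):
    """Build a server-side SSLContext.

    allow_tls11=True reproduces the weak "TLS 1.1-1.2" setting; the default
    refuses anything below TLS 1.2 (TLS 1.0/1.1 were deprecated by RFC 8996).
    Load the certificate with ctx.load_cert_chain(...) before use.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if allow_tls11:
        ctx.minimum_version = ssl.TLSVersion.TLSv1_1  # weak: deprecated version
    else:
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # hardened minimum
    return ctx


class SessionStore:
    """Issues unguessable session tokens and keeps only their hashes.

    Storing the SHA-256 of each token means a leaked session table cannot be
    replayed against the live service: the attacker would need a preimage.
    """

    def __init__(self, clock=time.time):
        self._clock = clock           # injectable for testing expiry
        self._sessions = {}           # token hash -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id):
        """Create a new session for user_id and return the raw token (once)."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expires_at = self._clock() + SESSION_LIFETIME_SECONDS
        self._sessions[self._digest(token)] = (user_id, expires_at)
        return token

    def validate(self, token):
        """Return the user_id bound to token, or None if unknown, expired or revoked."""
        key = self._digest(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self._clock() >= expires_at:
            del self._sessions[key]   # expired sessions are removed on first touch
            return None
        return user_id

    def revoke(self, token):
        """Log-out: forget the session so the token no longer validates."""
        self._sessions.pop(self._digest(token), None)


if __name__ == "__main__":
    store = SessionStore()
    tok = store.issue("alice")
    print("minimum TLS:", make_server_context().minimum_version.name)
    print("validates as:", store.validate(tok))
```

Because the raw token is handed out once and never stored, each login produces a different token even for the same user, and revocation or expiry takes effect on the next request rather than at some later clean-up.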

Data Security Testing

Human Focus regularly tests our online systems for security vulnerabilities and other defects that may affect cyber security.

We subscribe to security scanning services that send our internal IT support staff real-time alerts if there are any attempts to use our systems in unauthorised ways, which of course includes cyber attacks. This real-time monitoring by our dedicated internal IT support team enables us to respond immediately to any threat to our data and to take timely action on any risks that arise.


All new updates to our online training systems are carefully benchmarked against our internal security guidelines, including the OWASP (Open Web Application Security Project) Top 10 and other risks appropriate to the technology. In addition, application servers are regularly patched against operating system and software component exploits, and passwords and other credentials are never stored in cleartext but are salted and hashed according to industry best practice. We apply the principle of least privilege. We use separate development, staging and production environments, and no customer data is present in the development or staging environments.
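Salted and hashed credential storage as described above, shown beside the unsalted hash it replaces. This is an added example written for this article, not code from the Human Focus system; the PBKDF2 iteration count and the stored record format are illustrative choices.

```python
"""Added example (not Human Focus code): salted password hashing with
PBKDF2-HMAC-SHA256 from the standard library, beside the unsalted hash it
replaces. Iteration count and record format are illustrative assumptions."""
import base64
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000  # assumed policy: OWASP's 2023 figure for PBKDF2-HMAC-SHA256
ALGORITHM = "pbkdf2_sha256"


def weak_hash(password):
    """What NOT to do: unsalted, single-round SHA-256.

    Two users with the same password get the same hash, so a leaked table
    can be attacked with precomputed (rainbow) tables and cracked in bulk.
    """
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, iterations=PBKDF2_ITERATIONS):
    """Return a self-describing record: algorithm$iterations$salt$hash.

    A fresh 128-bit random salt per record means equal passwords produce
    different records, and each guess must be computed per user.
    """
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "{}${}${}${}".format(
        ALGORITHM,
        iterations,
        base64.b64encode(salt).decode(),
        base64.b64encode(dk).decode(),
    )


def _parse_record(record):
    """Split a stored record; raise ValueError on anything malformed."""
    algo, iterations, salt_b64, hash_b64 = record.split("$")
    if algo != ALGORITHM:
        raise ValueError("unknown algorithm")
    return int(iterations), base64.b64decode(salt_b64), base64.b64decode(hash_b64)


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        iterations, salt, expected = _parse_record(record)
    except ValueError:          # wrong field count, bad base64, bad int, bad algo
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record, iterations=PBKDF2_ITERATIONS):
    """True if the record was made with a weaker policy than the current one.

    Call this after a successful verify_password and store hash_password(...)
    again, so old records are upgraded transparently at next login.
    """
    try:
        stored_iterations, _, _ = _parse_record(record)
    except ValueError:
        return True
    return stored_iterations < iterations


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print("verify:", verify_password("correct horse battery staple", rec))
```

The record carries its own algorithm and cost, which is what makes `needs_rehash` possible: the iteration count can be raised in policy without invalidating existing logins.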


Physical and Environmental Security

Our server provider AWS (Amazon Web Services) has extensive physical and environmental controls. This includes:

Redundant power supplies, with extensive arrangements for emergency backup power.

Biometric identification for all staff who enter the physical locations hosting the servers.

Human Focus also has a range of security measures at our own physical locations, including:

Building access control, which ensures that only authorised employees can enter sensitive areas.

Building alarm systems linked to a central monitoring station, providing 24-hour, seven-day-a-week surveillance, particularly outside normal working hours.

A strong password policy to ensure that only authorised staff are able to access our online systems, particularly those accounts with higher levels of privilege.

Network Access Controls

Access to the back end of our online training system, including the servers themselves, is strictly controlled and limited to selected employees within our organisation.

The servers that deliver our service are separated from those we use for development and testing. This insulates them from any new development until it has been thoroughly tested, and also limits the number of employees who need to access the live servers.

All access to our system servers is closely monitored and logged, so that we can go back and check who accessed the servers, what they did and what data was transferred. All such access requires strong passwords that are changed regularly.

Security Monitoring

System access logs are stored on a separate, hardened server for auditing purposes, so that an attacker who compromises an application server cannot quietly alter the record of what they did. Application access logs, operating system logs and other relevant logs are collected and analysed against our internal security objectives.
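An illustration of the kind of analysis the log collection above and the real-time alerting in Data Security Testing support: detection logic run over constructed access-log lines. This is an added example written for this article, not Human Focus code or its actual log format; the line layout, the `/login` and `/admin/` paths, the five-failures-in-five-minutes threshold and the 08:00-18:00 weekday working hours are all assumptions.

```python
"""Added example (not Human Focus code): simple detections over access-log
lines. Log format, paths, thresholds and working hours are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line layout: <ip> [<ISO timestamp>] "<method> <path>" <status>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)" (?P<status>\d{3})$'
)
FAILED_LOGIN_THRESHOLD = 5          # assumed: failures per IP before alerting
WINDOW = timedelta(minutes=5)       # assumed: sliding window for those failures
WORK_START, WORK_END = 8, 18        # assumed: 08:00-18:00, Monday to Friday

# Constructed sample data (not real traffic). 2024-03-04 is a Monday.
SAMPLE_LOG = """\
203.0.113.7 [2024-03-04T09:01:10] "POST /login" 401
203.0.113.7 [2024-03-04T09:01:12] "POST /login" 401
203.0.113.7 [2024-03-04T09:01:14] "POST /login" 401
203.0.113.7 [2024-03-04T09:01:16] "POST /login" 401
203.0.113.7 [2024-03-04T09:01:18] "POST /login" 401
203.0.113.7 [2024-03-04T09:01:25] "POST /login" 200
198.51.100.23 [2024-03-04T10:15:00] "POST /login" 200
198.51.100.23 [2024-03-04T10:15:30] "GET /courses/42" 200
198.51.100.23 [2024-03-04T23:40:02] "GET /admin/export" 200
not a log line
"""


def parse_line(line):
    """Return a dict of fields, or None if the line does not match the layout."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def out_of_hours(ts):
    """True on weekends or outside the assumed working-hour band."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END)


def detect(lines):
    """Run all detections over the lines in order; return (alert, subject) tuples.

    brute_force:                N failed logins from one IP inside WINDOW
    success_after_brute_force:  a 200 on /login from an IP already flagged
    out_of_hours_admin:         any /admin/ request outside working hours
    unparsed:                   a line that did not match the layout (never
                                silently dropped, since a gap in parsing is
                                itself something the monitoring team should see)
    """
    alerts = []
    failures = defaultdict(deque)   # ip -> timestamps of recent failed logins
    flagged = set()
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            alerts.append(("unparsed", line))
            continue
        ip, ts = ev["ip"], ev["ts"]
        if ev["method"] == "POST" and ev["path"] == "/login":
            q = failures[ip]
            if ev["status"] == 401:
                q.append(ts)
                while q and ts - q[0] > WINDOW:   # drop failures outside the window
                    q.popleft()
                if len(q) >= FAILED_LOGIN_THRESHOLD and ip not in flagged:
                    flagged.add(ip)
                    alerts.append(("brute_force", ip))
            elif ev["status"] == 200 and ip in flagged:
                alerts.append(("success_after_brute_force", ip))
        if ev["path"].startswith("/admin/") and out_of_hours(ts):
            alerts.append(("out_of_hours_admin", ip))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The "success after brute force" rule is the one that turns a noisy signal into an actionable one: a burst of failures is common background traffic, but a successful login from the same source immediately afterwards is what an on-call engineer needs to see first.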

Administrative Controls

We apply strict administrative controls. Access to customer data is restricted to authorised personnel. Access to production servers is limited to senior employees on a need-to-access basis, and all such access is limited, logged and tracked for auditing. Employees in engineering, operations and developer roles with access to production data undergo background checks as a condition of employment. All employees are trained in information security and privacy procedures. At no time is any user data removed from Human Focus-owned computers, and Human Focus machines use appropriate technical measures, including full-disk encryption and VPN (Virtual Private Network) access, to ensure that user data remains secure.

Security of Service Delivery and Disaster Recovery

We have in place a robust system to ensure that we are able to maintain a high level of service delivery and to respond effectively in the event of a disaster. These measures include:

Robust Infrastructure

Our service is hosted within the AWS (Amazon Web Services) cloud, which provides extremely high levels of reliability. Our system is designed to let us quickly increase capacity if we require more bandwidth, or switch to different server locations if a particular territory experiences service delivery problems.

Disaster Recovery

Our data infrastructure has many elements of redundancy that protect against a wide range of potential faults. If the worst should happen, our backup and deployment system enables us to move to a completely different delivery system in a matter of hours while ensuring that there is no data loss.

Data durability

Our backup system replicates data in near real time to backup storage, which provides extremely high durability (99.999999999%, or eleven nines). Data, including backups, is never sent across international boundaries without our clients' permission. The integrity of our backups is tested monthly by restoring a complete backup to test systems and verifying the data.

Performance Monitoring

Every component of the system reports to our centralised monitoring system in real time, allowing us to track the performance of our online system and to take corrective action in near real time.

Conclusion

Human Focus prides itself on providing a secure system. We take the protection of our clients' data very seriously. As an online training provider, we understand that the data we process on behalf of our clients must be protected to the highest possible standard while remaining practical for their employees to use.
