Information Security

Security of our customers' data is our top priority. We employ many different layers of security to keep your data safe:

Application Security

Authentication over TLS

All network access to the Administrate platform is over cryptographically secure channels; this means the use of TLS (HTTPS) for accessing our services and APIs. The use of cryptography covers all access to the platform, including authenticating and using the Training Management System.

We mandate the same level of security for all services in our offering, so your learners will be afforded the same level of protection, too.

Administrate uses TLS 1.2 or above for all network traffic, and regularly reviews the cipher suites it supports.

Two Factor Authentication

The Administrate Training Management System (TMS) login screen can be configured to support two-factor authentication. Your Administrate instance can be configured to support SMS 2FA or app-based 2FA for additional security.

Data Security

Encryption At Rest

Administrate employs encryption-at-rest for all customer data and customer-provided content. Whether a customer is uploading their confidential training materials, or information about their students, Administrate will employ industry-standard AES-256 encryption as the data is written to disk. For customers who joined us before August 2021 this may require an upgrade and can be requested from the support team.

Data Isolation

Administrate provides each customer with complete data isolation; customers’ data is never co-mingled. Each customer has a completely separate database schema allocated to them, eliminating the risk of data from one customer being visible to another customer.

Backups

Administrate takes backups daily, and tests each backup daily. Backups are encrypted and securely stored within an Amazon S3 environment. Each customer’s data is backed up separately, enforcing data isolation in the backups and also allowing an individual customer to be rolled back if necessary.

Data Retention

Data shall be retained as long as a customer is under contract. Data for terminated customers will be deleted within 90 days of termination.

Infrastructure Security

Firewalls

Each component in Administrate’s infrastructure has its own firewall defined. Rather than one firewall to protect everything, Administrate has implemented per-service firewalls (using AWS Security Groups), allowing fine-grained control over the security of each component.

By implementing a firewall on each service, Administrate is able to offer incredibly high standards of protection to your data.

WAF

Administrate’s platform is protected by a Web Application Firewall (WAF). This offers additional security over the traditional firewalls. Administrate’s WAF automatically protects against denial of service attacks, and malicious content being uploaded.

Network Segregation

Administrate’s networks are segregated by design. Our production infrastructure is not accessible by our staging or development environments. This eliminates the risk of testing against real customer data.

Private Network

Administrate’s compute and data servers are located on a private network which prevents direct access from the Internet; all traffic has to go through a Load Balancer. Preventing external access in this manner greatly increases the security of your data.

Traffic leaving the Administrate private network, for example Webhook notifications, is delivered via an Internet-facing gateway. Administrate is able to provide customers with a small set of IP addresses from which traffic will appear to originate, so that they can perform allow-listing of our services.

Intrusion Detection

Administrate uses AWS GuardDuty to analyze and process data to detect anomalies involving Identity and Network access. Alerts from GuardDuty are sent to the Security Team to be reviewed and actioned where necessary.
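The allow-listing mentioned under Private Network above is implemented on the customer's side. The following is an added example, not Administrate's own code: a receiver-side check that accepts a webhook only when it originates from the published egress addresses, and that only trusts `X-Forwarded-For` when the request arrived via the customer's own proxy. The egress and proxy ranges shown are constructed placeholders; the real egress set comes from Administrate support.

```python
import ipaddress
from typing import Iterable, Optional

# Constructed placeholder egress addresses; the real set is supplied by Administrate.
ADMINISTRATE_EGRESS = ["198.51.100.10/32", "198.51.100.11/32"]
# Constructed example: your own reverse proxies or load balancers, if the
# webhook receiver sits behind any. Leave empty if it is directly exposed.
TRUSTED_PROXIES = ["10.0.0.0/8"]


def _networks(cidrs: Iterable[str]):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def _matches(addr, networks) -> bool:
    # `in` returns False (rather than raising) when the address family and the
    # network family differ, so mixed IPv4/IPv6 lists are safe here.
    return any(addr in net for net in networks)


def client_ip(remote_addr: str, forwarded_for: Optional[str],
              trusted_proxies: Iterable[str] = TRUSTED_PROXIES) -> str:
    """Return the address of the hop that actually originated the request.

    X-Forwarded-For is honoured only when the TCP peer is one of our own
    proxies; otherwise the header is client-supplied and ignored. Walking the
    header from the right and skipping trusted hops yields the first address
    that was not appended by something we control.
    Raises ValueError on a malformed address.
    """
    trusted = _networks(trusted_proxies)
    if not _matches(ipaddress.ip_address(remote_addr), trusted):
        return remote_addr
    hops = [h.strip() for h in (forwarded_for or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not _matches(ipaddress.ip_address(hop), trusted):
            return hop
    return remote_addr


def webhook_allowed(remote_addr: str, forwarded_for: Optional[str] = None,
                    allow_list: Iterable[str] = ADMINISTRATE_EGRESS) -> bool:
    """True only if the originating address is in the published egress set."""
    try:
        source = ipaddress.ip_address(client_ip(remote_addr, forwarded_for))
    except ValueError:
        return False  # garbage peer address or header: reject rather than crash
    return _matches(source, _networks(allow_list))
```

Source-address filtering is a coarse control that complements, rather than replaces, authenticating the webhook payload itself.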

Cloud Provider Security

Our providers have an impressive security track record for safeguarding your data and operations. Our main cloud provider, AWS, supports more than 98 security standards and compliance certifications including:

  • SSAE16
  • ISO 27001
  • PCI Security Standards
  • HIPAA Privacy Standards
  • SOC-II Type II

No physical access is permitted to these data centers.