Security Measures
Version Control / History
Version No. |
Description / Summary of Changes |
Date Effective |
1.0 |
Released |
23/10/2023 |
Technical & Organisational Security Measures
A current summary of technical and organisational security measures applied by Skillcast to Customer's Personal Data (including encryption/access controls/training/ screening of personnel/security reviews etc.) is given below:
- Access to Personal Data is restricted to the Customer Success Managers in the Customer Success Team. Other employees are barred from access to Customer Personal Data without a "need to know"
- Regular training for all employees and extra training for Customer Success Managers in Global Client Services
- Automatic logging of all activity on client portals
- Tight control over all components of IT Infrastructure where the Customer Personal Data is stored and processed
- State-of-the-art physical security in the Microsoft Azure datacentres where the production environment and data are hosted. Full details of physical security, physical access security and environmental protections can be seen on the following Microsoft websites.:
- High cyber-security protection for all components of IT Infrastructure, including Web Application Firewall, DDoS and bot protection, Intrusion Prevention and Detection System, network traffic monitoring, firewalls set up most tightly, encryption requirements and tight security policies for portable devices such as laptops, and centrally managed antivirus protection for all servers and user machines.
- Annual Infrastructure and Application Penetration Testing conducted by a third-party expert cyber security firm, and internal Infrastructure Vulnerability scans done at least once a month or after any relevant change
- Redundancy and high availability of the critical parts of the infrastructure with robust backup and disaster recovery solutions
- Secure and encrypted VPN connections between different sites
- Multifactor authentication required for accessing client portals where Personal Data is stored and processed
- Advanced Encryption Standard (AES) 256-bit key encryption for data at rest; HTTPS and SFTP protection for data transfer
- Segregation of each Service Recipient's data