Security

We recognize that security is critical to you and your success. This is a responsibility we take seriously, and we work with security researchers to stay up to date with the most recent practices in web security.

While we cannot reveal every measure we have in place (as this could be used against us by the very actors we protect ourselves against), we can give you a high-level overview of how we actively keep you and your data safe.

If you have any questions after you’ve read this, please let us know.

  • Compliance and Certifications

    ISO/IEC 27001:2013: This standard demonstrates that we manage the security of our information according to internationally recognized best practice. The ISO 27001 certificate means we protect our customer and employee information, manage risk effectively, and comply with other regulations.

    ISO 9001:2015: Compliance with ISO 9001 confirms that the quality of our product and the processes we use are efficient. The standard also demonstrates that we consistently build products that people want and we meet all types of regulatory requirements.

    GDPR compliant: We comply with the European Union General Data Protection Regulation. TalentLMS is verified compliant with the EU Cloud CoC, Verification-ID: 2020LVL02SCOPE003. For further information, please visit eucoc.cloud/en/public-register.

    Security Trust Assurance and Risk (STAR) Level 1: We comply with the STAR key principles of transparency, rigorous auditing, and cloud security and privacy best practices. View our registration here.

  • Infrastructure Security

    TalentLMS is exclusively hosted on Amazon Web Services (AWS). AWS is recognized for data centers that are built to withstand all types of threats and are certified for high quality and security.

    – We use storage infrastructure designed for mission-critical and primary data storage, and AWS guarantees reliable data storage.

    – We take backups that are stored on multiple devices across multiple facilities in multiple availability zones. Daily backups ensure we can restore your data in case of failure or accidental deletion.

    – All AWS servers are encrypted with AES-256. This is the same level of encryption the US government uses for Top Secret information.

    – We implement Two-Factor Authentication (2FA) for access control to our infrastructure.

    – We’ve built a security perimeter and permit VPN access to our network with an added layer of 2FA.

    – Our infrastructure is protected by Web Application and Network firewalls.

    – We apply robust DDoS protection measures.

    – We employ enterprise endpoint security software to safeguard compliance and data security across all devices and networks. 

    – We’ve established BCDR and incident response plans. 

    – Our infrastructure provisioning and configuration are managed through Infrastructure as Code practices.

  • Application Security

    To keep our users and their data safe, we continually and carefully monitor, fix, and prevent any security vulnerabilities.

    – We integrate security protocols throughout the Software Development Lifecycle with Continuous Security practices. These include Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). 

    – We run regular code reviews of our application code. 

    – We conduct frequent penetration tests on our infrastructure to identify and prevent vulnerabilities.

    – We’ve established a bug bounty program so researchers can report potential security issues. We also have a comprehensive vulnerability detection policy for responsible disclosure.

  • Internal Security

    At TalentLMS, we promote a culture of security, so all our employees understand its importance.

    – Before hiring, we conduct background checks.

    – All employees sign confidentiality agreements.

    – All employees are trained in security and privacy, including best security practices, information on new threats and vulnerabilities, as well as privacy and legal/regulatory issues.

    – We never download customer data on our premises.

    – We have dedicated specialized teams that monitor the regulatory and legal requirements continually, as well as enforce privacy and security requirements.

    – We are insured against cybersecurity incidents.

  • High Availability

    – We strive to maintain a high level of availability for our services, with 99.9% uptime. You can check the real-time status of our system at any time by visiting https://status.talentlms.com

    – We design our infrastructure with redundant architecture in mind, using Multi-Availability Zone deployments. 

    – Our infrastructure comes with autoscaling capabilities to optimize performance. 

    – Our Service Level Agreement (SLA) outlines our commitment to availability and stability.

  • Alerting and Monitoring

    – We implement in-depth monitoring of all platform components and services.

    – Our alerting and incident response operates 24/7, meaning that our team remains continuously vigilant and ready to address any malfunctions that may affect the platform. 

    – We have an Intrusion Detection System in place that constantly monitors our network and systems for suspicious activity.

  • TalentLMS application security features

    We’ve implemented a series of security features that contribute to a robust and secure platform, protecting user data and the entire operation of TalentLMS. These features include: 

    – Secure API integration

    – Ability to restrict registrations to specific domains

    – Prevention of multiple logins from the same user

    – Ability to add watermarks on your uploaded content to prevent copyright violations

    – Ability to disable iframes

    – Secure intercom communication between users

    – Emergency account lock

    – Emergency mobile access lock

    – Ability to hide domain from search engines

  • We protect your billing information

    – Your card information is transmitted, stored, and processed securely on a PCI-Compliant network, where all transactions are processed using secure encryption – the same level of encryption used by leading banks.

    – We do not keep credit card information on our infrastructure in any way.