Effective Date: May 15, 2018
Capitalized terms that are not defined in these Security Measures have the meanings set forth in the Terms of Service or the Data Processing Addendum.
Security Overview
The Knowbly Learning Systems, Inc. (together with its officers, directors, employees, agents, subsidiaries and affiliates, “Knowbly”) team guides the implementation of controls, processes, and procedures governing the security of Knowbly and its customers. The Knowbly security team is responsible for developing, implementing and maintaining an information security program that reflects the following principles:
- Align security activities with Knowbly’s strategies and support Knowbly’s objectives.
- Leverage security to facilitate confidentiality, integrity, and availability of data and assets.
- Utilize Knowbly’s security resources efficiently and effectively.
- Utilize monitoring and metrics to facilitate adequate performance of security-related activities.
- Manage security utilizing a risk-based approach.
- Implement measures designed to manage risks and potential impacts to an acceptable level.
- Leverage industry security frameworks where relevant and applicable.
- Leverage compliance/assurance processes as necessary.
- Analyze identified or potential threats to Knowbly and its customers, provide reasonable remediation recommendations, and communicate results as appropriate.
Data Center Security, Availability, and Disaster Recovery
- Knowbly leverages leading data center providers to house our physical infrastructure.
- Our data center providers utilize an array of security equipment, techniques and procedures designed to control, monitor, and record access to the facilities.
- We have implemented solutions designed to protect against and mitigate effects of DDoS attacks.
- Our cloud-based infrastructure ensures platform standards across multiple geographies.
- Knowbly maintains geographically separate data centers to facilitate infrastructure and service availability and continuity.
Application Level Security
- Knowbly hashes passwords for user accounts and provides SSL for customers.
- Regular pen testing is performed on the Knowbly platform, the results of which are analyzed and remediated (as appropriate) by our engineering and security team.
Incident Response
- In the event of an issue related to the security of the Knowbly platform, the Knowbly security team follows a formal incident response process.
- We analyze identified or potential threats to Knowbly and its customers, provide reasonable remediation recommendations, and communicate results as appropriate.
Knowbly Building and Network Access
- Physical access to Knowbly offices and access to the Knowbly internal network is restricted and monitored.
Systems Access Control
- Access to Knowbly systems is limited to appropriate personnel.
- Knowbly subscribes to the principle of least privilege (e.g., employees, system accounts, vendors, etc. are provided with the least amount of access for their job function).
- Knowbly leverages multifactor authentication.
Security Risk Management
Threat intelligence and risk assessment are key components of Knowbly’s information security program. Awareness and understanding of potential (and actual) threats guide the selection and implementation of appropriate security controls to mitigate risk. Potential security threats are identified and assessed for severity and exploitability prior to being classified as risks. If risk mitigation is required, the security team works with relevant stakeholders and system owners to remediate. The remediation efforts are tested to confirm the new measures/controls have achieved their intended purpose.