As a software-as-a-service provider we collect data and store this "in the cloud". We take data security and privacy extremely serious.
We are ISO27001 certified for development and hosting of online training and testing software-as-a-service, providing technical support, and offering functional support through client success services (certificate available on request).
Below you find answers to some of the frequently asked questions with regards to data security.
Data we collect upfront (* is mandatory):
a) name
b) e-mail address*
c) personal password* (randomly generated, one-way encryption)
d) name of employer or training agency (deducted from the account the user is registered at)
Data generated during usage:
e) name of training(s) he/she is enrolled in (and group and coach he or she will receive feedback from)
f) audio or video recordings that user decides to save and share (generated while following the courses)
g) information about participation rate, progress, scores such as (i) answers given (ii) time spent (iii) feedback from and to other participants (iv) feedback and assessment scores from or to coaching
The Client is owner of the data and ultimately responsible. TrainTool is only processor of the data and will act accordingly.
All data is stored in the Netherlands, in datacenters located in Amsterdam and Schiphol (TelecityGroup). Backups are stored in the Equinix dataecenter.
TrainTool has daily backups and keeps daily backups for 30 days.
Maximum loss of data: 24 hours.
Maximum retention of (deleted) data: 30 days.
Automated 'hiding' after license expires
When a user's license expires, his answers and recordings are automatically hidden for himself, peers and coaches.
This can manually be opened up again by an administrator account.
Automated deletion of video recordings after license expires
45 days after user’s license expires, her video recordings are automatically deleted (as this is seen as sensitive data). The user is notified of this 14 days in advance and may choose to prevent this.
Manual deletion of user account
TrainTool (Data Processor) deletes data on explicit request of the client (Responsible Party), after which the data is kept in backups for a maximum of 30 days. Also, the user has the right to be forgotten.
End of agreement
45 days after the end of the agreement between client and TrainTool, all client's data and user accounts are destroyed. After this, it takes 30 days before all data is deleted from the backups as well.
Infrastructure, hosting and management of hosting is done by Sentia B.V. They are ISO27001 and ISAE 3402 type II certified.
A firewall cluster with a default-deny policy. Firewall logs are checked on a daily basis and updates to the firewall are done through a versioning system with peer0-review. All systems are checked with a network scan at least every two weeks, checking for issues such as open ports. Results are logged in a wiki. Other measures include: OS hardening, NaWas anti-DDos, vulnerability scanning (at least quarterly), regular patches (quarterly), emergency patches (daily), ISO27001 and all principles accordingly, standard offsite backups and DR snapshots.
All connections from and to the TrainTool application is encrypted through the SSL/TLS protocol. Settings for this connection are checked automatically.
Physical security measures for the datacenter include: access limited to whitelist, manned reception with identity control, hardware stored in locked cabinets, visitors always guided by Sentia employees, authorisation required for changes in hardware, periodic reporting about access.
Authorization levels
Users have on or more of the following roles: Participant, Coach, Content Developer and/or Administrator. The first Administrator of an account registers the other users and thereby controls the authorization levels of the users. This Administrator is either an employee of the client or an employee of TrainTool, acting on the explicit orders of the client.
Logs
Every moment in which user data is inspected by someone, is logged. Privacy logs available on request.
Control of authorization level
Every request that involves the inspection of user data, is checked on 4 levels:
1. Is this the correct account? Each request checks if the (a) the user is logged in, (b) the logged in user belongs to the current account and (c) if the data displayed on the page belongs to the current account. All passwords are one-way encrypted and communication is forced to follow the SSL/TLS protocol.
2. Does the user have the proper authorization level to view this page?
3. Does the user have inspection rights on each of the data objects on this page? Example: "does user have access to inspect feedback from person X on the video of person Y?" or "does user have access to download a report with the progress-data of person X?"
4. (In case of video or audio messages): is the user allowed to view this specific recording? If yes, the recording is decrypted.
Superuser
TrainTool employees with a technical or support role, are 'Superusers' and able to access and login to user accounts if necessary. The respective employees have signed a confidentiality agreement for this and are informed on the responsibilities for this. These actions are always logged and the list of Superusers is checked at least every quarter.