Regular security updates: Every week we update Dawn with our latest enhancements, bug fixes, and security improvements. To avoid disrupting customers, all updates from external services are tested by software and humans before rolling out.
Authentication: We support OpenID Connect for single sign-on (SSO). For users who prefer the internal Dawn authentication process, we store passwords hashed with the bcrypt algorithm.
Physical security: Dawn runs on Amazon Web Services (AWS). AWS protects a global infrastructure of hardware, software, networking, and facilities, and is designed and managed around a variety of best practices and global security standards. AWS participates in various assurance programs, including FERPA, SOC 1, and SOC 2, and is regularly audited by independent parties (see https://aws.amazon.com/compliance for full details).
Protocol and session security: We use HTTPS for all internal and external communication, with TLS 1.2 or greater and 2048-bit keys.
Secure data storage: All stored data is encrypted with the industry-standard AES-256 algorithm.
Backup and recovery: Dawn data is backed up every 24 hours. In the case of a disaster, data can be recovered from these backups.
Commerce transactions: Dawn uses Stripe for all payment processing. Dawn does not store any credit card information internally.
Redundancy: All systems have multiple redundant components, in either a hot/hot or a hot/warm configuration.
Software development process: The software development process includes test-driven development, automated tests, peer code reviews, continuous integration and deployment, and change control, all with a focus on quality and security. Independent third parties perform security audits.
Incident response: We maintain a documented incident response policy and follow it when managing incidents.
Preventative controls:
- Agilix filters all corporate email through multiple vendors’ anti-spam and anti-virus software before delivery.
- Multiple Internet Service Providers (ISPs) provide redundancy in the event of a security incident.
- Fault- and failure-tolerant design provides uninterrupted service in the event of component failure.
- Web services include a redundant boundary, DMZ firewalls, and load balancers to protect all information assets.
- A default “deny-all” firewall policy controls inbound and outbound traffic with only required IP addresses and ports open.
- Remote access to AWS management for production systems requires two-factor authentication to connect.
- All PII is encrypted at rest and in transit.
- Web services redirect all HTTP requests to HTTPS, so clients can validate the authenticity of the server and the logon authentication process is protected.
- Web certificates are rotated every 60 days.
- HTTPS encryption enforces TLS 1.2 or greater.
- Dawn applies input validation, output encoding, and other OWASP Top 10 best practices to protect against common vulnerabilities.
Administrative controls:
- Agilix performs background checks that cover: social security number verification; a search of the local and national sex offender registries; and a criminal history search (i) in the national/federal databases, and (ii) for any state and county in which the individual has resided.
- Agilix trains all employees yearly on our corporate policies and security controls. Additional training is required for employees with access to our highest level of data (customer PII).
GDPR: We are considered a processor under the GDPR. Data controllers provide us with their policies and requirements to support processing data under the GDPR. Learners are able to download and delete their own data at any time.
We keep our security current: The information in this document is accurate as of the listed date and is subject to change. We update our systems and processes as security needs grow and change. If you have any questions, contact us through https://agilix.com/contact-us.