Our System Security

Introduction

The Human Focus online training system hosts a significant amount of data for our clients which needs to be kept safe and secure. This has to be balanced with the need to allow employees to access data, often from mobile devices and whilst working in locations away from fixed offices. This increasingly includes homeworking and the use of Wi-Fi networks that may not be secure.

We provide an overview of the data security infrastructure we have in place to ensure that our system not only meets all regulatory requirements, but also extends to provide a high level of data security for our clients.

Overview

The Human Focus online training system is hosted on the AWS (Amazon Web Services) platform. This cloud-based service is widely acknowledged as being highly secure and provides very reliable control systems for market-leading data security.

In addition to using AWS, we also use a range of industry best practices to ensure data security. This includes:

Using suppliers to our system who are ISO27001 certified – the international standard for data security

Auditing our systems to ensure that we comply with the GDPR (General Data Protection Regulation) and Data Protection Act

Industry leading encryption

Network Controls to ensure that only authorised Human Focus employees are able to access client data

A comprehensive range of measures for disaster recovery to protect our clients' data in the event problems arise

A comprehensive internal data security programme which is based on the UK government backed Cyber Essentials programme

Vulnerability scans to test IT systems and control processes to ensure compliance with these practices

Security arrangements for our physical locations

A software development team that is equipped with tools to help them build secure apps from the very beginning of the software development life cycle

All of these systems and processes enable us to deliver a high level of data security and ensure that our clients' sensitive information has the utmost protection from cyber attacks and other potential data leaks.

Cyber Essentials Scheme Certification

The Cyber Essentials Scheme is a UK government-backed scheme that helps protect organisations against a wide range of cyber-attacks. We are pleased to say that as part of our cyber security initiative, Human Focus has become Cyber Essentials certified. Cyber Essentials covers the IT infrastructure currently used within our organisation, including, but not limited to, servers, workstations, firewall hardware, anti-virus and software applications.

Compliance with this government backed scheme provides our clients with the peace of mind that the Human Focus system is designed to protect against the vast majority of cyber attacks.

Cyber Essentials Scheme Certification 2024
Data Encryption

Clients access the Human Focus system over the Internet, including via dedicated mobile apps on both Apple and Android devices. To ensure that data links maintain system security, the Human Focus system uses industry-leading encryption to protect our data and connections. The technical term for this encryption is TLS (versions 1.1-1.2), using 2048-bit, SHA-256 certificates. Each interaction with the Human Focus system is protected by unique session tokens. These enable us to check that each person who uses the system is properly protected and that there is a verifiable way of checking that this is occurring.

Data Security Testing

Human Focus regularly tests our online systems for security vulnerabilities and other defects that may affect cyber security.

We subscribe to data security scanning applications that send our internal IT support staff real-time security alerts if there are any unauthorised attempts to use our systems. This real-time monitoring of our dedicated internal IT enables us to respond immediately if there are any data threats and to take timely action based on any risks that arise.

All new updates to our online training systems are carefully benchmarked against our internal security guidelines, including the OWASP (Open-Source Foundation for Application Security) Top 10 flaws and other risks as appropriate to the technology. In addition to this, application servers are regularly patched against operating system and software component exploits. Passwords or other credentials are never stored in clear text but are hashed and salted according to industry best practices. We believe in the principle of least privilege. We use separate development, staging, and production environments, and no customer data is present in development or staging environments.

Physical & Environmental Security

Our server provider AWS (Amazon Web Services) has extensive physical and environmental controls. These include:

Extensive arrangements for emergency power supplies – known as redundant power supplies

Biometric identification for all employees who access physical web servers

Human Focus also has a range of security measures at our physical locations that include:

Building access control which ensures that only authorised employees can access sensitive areas

Building alarm systems which are linked to a central monitoring station to provide 24-hour, seven-day-a-week surveillance, particularly out of normal working hours

A highly secure password system to ensure that only authorised staff are able to access our online systems – particularly those with higher levels of authority

Network Access Controls

Access to the backend of our online training system, including the actual servers, is strictly controlled and limited to selected employees within our organisation.

The servers that actually deliver our service are separated from those which we use for development and testing. This insulates them from any new developments until they have been thoroughly tested and also limits the number of our employees who need to actually access the live servers.

All access to our system servers is closely monitored and there is an ongoing log of all interactions so that we are able to go back and check who accessed the system, what they did and what data was transferred. All passwords are highly secure and changed regularly.

Security Monitoring

System access and logs are stored on a separate, hardened server for auditing purposes. Application access logs, operating system logs and other relevant logs are collected and analysed based on our internal security objectives.

Administrative Controls

We use strict administrative controls. Access to customer data is restricted to authorised personnel. Access to production servers is limited to only senior-level employees based on need, and all access is limited, logged and tracked for auditing. Employees in engineering, operations, and developer roles with access to production data have background checks as a condition of employment.

All employees are trained on information security and privacy procedures. At no time is any user data removed from Human Focus-owned computers, and Human Focus machines use appropriate technical measures, including full-disk encryption and VPN (Virtual Private Network) access, to ensure that user data remain secure.

Security of Service Delivery & Disaster Recovery

We have in place a robust system to ensure that we are able to maintain a high level of service delivery and to respond effectively in the event of a disaster. These measures include:

Robust Infrastructure

Our service is hosted within the AWS (Amazon Web Services) cloud, which provides extremely high levels of reliability. Our system is designed to allow us to quickly increase our capability if we require more bandwidth, or to switch to different server locations if a particular territory experiences service delivery problems.

Disaster Recovery

Our data infrastructure has many elements of redundancy that protect against a wide range of potential faults. If the worst should happen, our backup and deployment system enables us to move to a completely different delivery system in a matter of hours whilst ensuring that there is no data loss.

Data durability

We have a backup system that transfers data in near real time to a backup server. This provides an extremely durable (99.999999999%) back-up storage facility. No data, including backups, is ever sent across international boundaries unless it is with our client’s permission. The integrity of our data backups is tested monthly by restoring a complete backup to test systems and verifying the data.

Performance Monitoring

Every component of the system sends information back to our centralised monitoring system in real time, allowing us to track the performance of our online system and to take corrective action, also in near real time.

Conclusion

Human Focus prides itself on providing a secure system. We take the protection of our clients’ data very seriously. As an online training provider, we understand that the data we process on behalf of our clients must be protected to the highest possible standard whilst facilitating practical use by their employees.