We believe that business relationships are built on trust and have been striving to be worthy of that trust from the day we launched our company. We have implemented security by design since our founding, and even opted to have our security audited by an external company even before we thought of any security certification.
We approached privacy in a similar way, designing automated process to remove unneeded personal information, long before we’d ever heard of the term GDPR (actually even before the draft was published).
As a security awareness training vendor built by security professionals, we know what customers expect and have built our infrastructure to meet the needs of any security conscious customer. In implementing our GDPR compliance program, we have appointed an internal Data Protection Officer (DPO) (in accordance with Art. 37 of the Regulation (EU) 2016/679 (“GDPR”): who can assist with any GDPR-related questions or concerns.
We know how important compliance is to our customers. Catering to some of the world’s most notable brands means that our customers may have their own internal compliance teams, and as their providers we are a critical part of these efforts.
With that in mind, we view compliance as a vehicle toward a better world and see legal and regulatory frameworks as a compass to guide us in that direction.
When we set out on our journey toward GDPR compliance, our team quickly identified many of the outlined processes that we had previously implemented, such as security by design and privacy by design.
As a data processor, we have nominated an internal Data Protection Officer who oversees our processing activities from the perspective of personal information protection. CybeReady was certified to ISO 27001 on July 2018– which verifies that we have an operational Information Security Management System.
Security and Privacy at CybeReady
As a company that takes security very seriously, we recognize that our internal actions have implications for our customers–and as such, they are important to you. While we’re naturally unable reveal everything here, as we would not want to inadvertently assist any malicious actors. So below, we’ll share some insights on how we maintain our security posture:
A Protected Architecture: Our service environment was designed with information security in mind. A full separation of the various services to different servers was ensured, out of which only our content servers are accessible via the Internet.
Servers: We use hardened servers, taking care to strictly follow the security updates’ installation policies immediately upon their release.
Development: Throughout our product’s R&D phase, we have emphasized secured development, ensuring implementation of security best practices.
Restricted System Access: The backend environment is only accessible to the CybeReady team (not to customers), and the servers themselves are accessed using a secure remote access solution that is protected with an integrated two-factor authentication mechanism.
Content Server Protection: The content servers are protected by a firewall and a web application firewall (CloudFlare), which we have set at the maximal security settings blocking mode.
Data Protection: Standard encryption mechanisms are being employed at the operating system and database level in order to protect all of our sensitive data.
Access and Authorization Control: Access to the system and data contained therein is limited to authorized personnel and is strictly monitored.
Security Surveys: Our system undergoes periodical security surveys, which consist of penetration testing (PT) as well as code and architecture reviews by an external company that specializes in this area.
Data Backup: All data backups are encrypted to prevent breaches. Client Data Transfer: Data is transferred to clients in a secure manner, based on a commercial transportation infrastructure that implements data encryption and strong identification (two-factor authentication).
For more information, you can contact our security team