Security & Compliance
Security and compliance are top priorities for BrainCert because they are fundamental to your experience with the product.
Committed to Compliance
Our compliance program ensures that you and your customers can trust BrainCert and have third-party assurance that effective and robust controls protect your data.
SOC 2 Type II Certified
BrainCert has successfully completed the SOC 2 Type 1 & II certification and undergoes regular SOC 2 Type II audits (all 5 Trust Services Criteria) performed by an independent third-party auditing firm.
BrainCert is an ISO 27001:2013 certified company which means that BrainCert has a fully occupied information management system in place that is in compliance with the best practices recommended by ISO & IEC for information & data security.
BrainCert is committed to data privacy and security, including complying with and, where applicable, helping our customers and users comply with the EU General Data Protection Regulation (GDPR).
McAfee evaluates cloud services that fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection, and presents the McAfee Enterprise-Ready seal to only those services that have the highest CloudTrust™ rating possible.
BrainCert is compliant with Health Insurance Portability and Accountability Act (HIPAA) security requirements. With HIPAA compliance, customers can securely process and store protected health information (PHI) in BrainCert Cloud after executing a Business Associate Agreement.
Privacy Shield Framework
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to comply with data protection requirements when transferring personal data from the EU and Switzerland to the US.
BrainCert's Approach to Information Security and Data Privacy
Our Security Measures
Over the last few years, we've invested significantly in our data security and privacy infrastructure which means that the data security practices, policies, and procedures that are in place at BrainCert is fully capable of averting any data breach and ensuring data privacy.
BrainCert platform is built on Amazon Web Services (AWS) infrastructure that aligns with IT security best practices. AWS data centers have achieved SOC 1, 2, and 2, ISO/IEC 27001 certification, PCI DSS Level 1 compliance, and FedRAMP/FISMA reports and certifications.
Security in transit
All information that we receive and transmit is fully encrypted using the highest industry standard procedures and protocols, including TLS 1.2 and TLS 1.3 where applicable, and configured with strong ciphers based on the application stack.
Data encryption at rest
Our customers' data is encrypted at rest, using FIPS 140-2 validated HSMs (AWS KMS), and AES-256 symmetric encryption algorithms where appropriate. Access to customer data is highly restricted using Identity & Access Management (IAM) roles and policies.
Data access is controlled
Access to customer data is strictly limited to a small set of oncall engineers, is protected by auditing & alerting systems, and only available when debugging a specific problem (usually by customer request). Access to data is granted only when required for a particular job function.
BrainCert has implemented firewalls, intrusion detection, and other network protection services in accordance with industry best practices for securing BrainCert-managed applications, assets, and data. We undergo regular 3rd party penetration tests to ensure all our security practices and systems are top-notch.
BrainCert’s management team enforces zero trust access and follows the principle of least privilege for all of our applications — helping prevent impermissible data uses or disclosures by internal employees. All BrainCert internal employees undergo semi-annual security awareness training and sign-off policies.
BrainCert monitors and identifies possible intrusions on all infrastructure, applications, and services used to present the BrainCert Application. BrainCert follows a documented security incident response plan. In the event of any verified incident affecting customer data or an application, BrainCert notifies affected customers of such events in a timely manner.
Business Continuity & Disaster Recovery
BrainCert uses a scale out architecture with high availability built into various layers of our stack. We have a disaster recover plan that addresses multiple site availability and replication of critical customer data. All customer data is backed up regularly across geographic locations. BrainCert performs regular disaster recovery testing.
Ready to start your eLearning journey with a trusted solution?
Start Your 14-Day Free Trial
Create an amazing gamified learning platform that offers all the building blocks to deliver blended courses, assessments, proctored exams, live classes, digital certificates & badges, and much more.