SECURITY

Keeping your training courses safe

Over 400 clients trust us to protect their training content and the information of over 1,000,000 learners. Here’s how we do it.

INFORMATION SECURITY

Proactively protecting information: ISO 27001

We’ve implemented an information security management system (ISMS) and we’re certified against ISO 27001. The ISO 27001 certification demonstrates aNewSpring’s commitment to proactively managing and protecting information assets.

We have carefully designed our processes and continue to improve them. But without certification, it’s hard to prove this to the outside world. Since anyone who’s looking for a learning platform or a Learning Management System (LMS) will want to ensure their data is safe, we have gone through the ISO 27001 certification process. Now, it’s not just us saying that your data is safe with us; we can actually prove it.

A standard like ISO 27001 is a good start to provide insight into the level of security within aNewSpring. Not as a goal in itself, but as a means of getting information security in order, of keeping it that way and of taking it to a higher level.

Marlijn van de Kerkhof
Process & Quality Assurance Manager

Backups

On a daily basis, we make backups of the servers. These backups are then stored in a separate data centre. The process of restoring the production environment from the backups is tested on a regular basis.

Data centre security

All of our servers are stored in top-tier data centres in Europe. They are all measured against industry standards and meet certifications such as ISO 27001 (information security management), ISO 9001 (quality management), AMS-IX (operational and tech design requirements for the centre) and Open-IX (technical standards for interconnecting networks reliably).

APPLICATION SECURITY

Using OWASP to produce secure code

To ensure that we identify the most critical risks applicable to our platform, we test it (and its ongoing development) against the standards and benchmarks provided by the OWASP Top 10. The OWASP Top 10 is a comprehensive and powerful list put together by a variety of security experts around the world. Benchmarking against the OWASP Top 10 is a very effective step towards producing secure code.

Safe connection to other systems & apps

You can connect various systems and applications to the aNewSpring platform using APIs. To ensure a safe connection, we:

  • Use HTTPS for all domains.
  • Send the API key by using an HTTP header or a POST parameter (as opposed to a URL parameter).
  • Ensure that the API key only works from specific IP addresses.

DATA SECURITY

Private database per learning environment

Our platform is multi-tenant. This means that all clients make use of the same software but each environment has its own private database. This keeps the data of different environments strictly separated, thus ensuring that clients cannot see the data of other clients.

Encrypted connection

All environments with a subdomain under anewspring.nl or anewspring.com can have an HTTPS connection. Because of this, it’s not possible for third parties to extract or intercept the information sent using this connection.

Many customers ask specific questions about the security of our platform. I’m glad they do. It shows that they take responsibility for the data of their customers. Many times, ‘security’ doesn’t get the attention it deserves.

Remco Rotteveel
Chief Technology Officer

Encrypted password storage

The passwords of all users of the platform are stored in an encrypted state. The hashing algorithm ensures that nobody (including the platform and aNewSpring employees) can retrieve account credentials, ensuring that sessions in our platform are secure.

Secure payments

When you use our catalogue feature to sell your courses, the payment is always routed through a payment provider. Payment information is never stored in aNewSpring.

SYSTEM & NETWORK SECURITY

Application firewall

Our environment is protected by a firewall cluster which ensures that Internet traffic only passes through the HTTP and HTTPS ports. Outgoing traffic can only pass through ports which are used by external systems or applications that have a connection.

24/7 monitoring and alerting

All servers are monitored for availability and proper functioning, 24 hours a day, 7 days a week. In case of any technical problems, the support engineer receives a notification and he/she will resolve the problem as soon as possible.

Stefan van den Tol CCO

Have any security questions?

We understand the importance of keeping your valuable data safe. That’s why Stefan, our Chief Customer Officer, is available to answer all your questions.
+31 (0)10 2447460