Full Data Security Statement
The technologies used to build our platform and applications are cloud-native, multi-tenant and designed to scale to thousands of users. We utilize a modern technology stack to take advantage of advancements in web design, open source technologies, scalability, and security.
Our platform and applications are hosted on cloud infrastructure provided by Amazon Web Services, or AWS. Our hosting services provide full support, rolling release upgrades/updates, backup, and disaster recovery services. We primarily use Elastic Compute Cloud, or EC2, along with load balancing, auto scaling and S3 storage, all provided by AWS. Our infrastructure enables us to scale horizontally and rapidly adjust to variances in usage at the server, database and file store level. Our applications run on virtualized instances in Tier III and Tier IV AWS data center facilities, which follow industry-standard security best practices.
As of December 2018, we used AWS data center facilities located in Sydney, Australia, for APAC roll-outs, and in Oregon and Virginia, USA, for US roll-outs, and we intend to expand operations to other regions based on market conditions. These facilities have earned multiple certifications including, but not limited to, SOC 2 Type II, ISO 9001 and ISO 27001.
We designed our platform to be resilient to failure and capable of rapid recovery from component failure. We apply a wide variety of strategies to achieve enterprise-grade reliability. We have automated procedures in place to handle coordinated changes across our various instances and store backups of key databases in multiple redundant and geographically isolated locations.
Our platform is a dynamic web application. We use Web 2.0 technologies like CakePHP and Ionic/Angular, which provide users a familiar web experience. Our platform is built on underlying proprietary and open source technologies, taking full advantage of advancements in scalability and flexibility. We utilize Postgres databases and a Redis value store. Our platform also provides an API that third parties can use to add new features and functionality.
Keeping the platform secure is a primary focus of our operations team due to the sensitive nature of the data contained within the platform.
Other Frequent Questions
Exactly what information is being stored (e.g. student name, email, contact number)?
To provide an account on Practera, the system requires a user email and name as a minimum. What exact data is stored beyond these minimum requirements depends on the configuration. For example, if an assessment asks the students to provide their mobile number, this piece of information will be stored in our database together with the rest of the assessment submission. Students can elect to provide their mobile numbers to opt in for SMS notifications, if that feature is activated for your experience.
Where is the information stored?
The information is stored in Sydney.
What cloud is it stored in?
Amazon Web Services (AWS).
When is the data deleted? If it is not deleted immediately, following the end of the program, why not? Who is going to control the data?
Our customers are in full control of the personalised data that is captured within their Practera experience/program. Data is not deleted automatically at any point, as it is a requirement for most of our customers to retain the student records. The data is controlled by Administrators and Coordinators in the respective programs on Practera. Personal data collected and available in a program cannot be accessed by anyone without access to that program. In the case of fully serviced programs, our experienced program administrators control the data on behalf of our customers. Depending on specific requirements, arrangements for manual deletion can be made on a per-program basis.