Introduction
Educe Trading Ltd (The PE Hub) recognises that data security is critical for your school or company, and adequately securing data contained within our platform is critical. We are committed to openness and transparency. This document provides you with key information on our security standards and processes.
Platform Architecture
The PE Hub LMS platform (The PE Hub / LMS) is a cloud service utilising vendors including Amazon Web Services, AuthO, Vercel and Cloudflare. Amazon Web Services has the highest level of certifications, including ISO 27001, PCI Certification, and SOC. For more compliance information, you can visit AWS Security and AWS Compliance. AuthO also possesses all key certifications. Cloudflare possesses an identical level of certification. For more information please visit Cloudflare's Security & Compliance Page. Vercel also possesses all key certifications. For information on Vercel’s security certifications and compliance, you can visit Vercel Security.
Where other vendors are used and disclosure of that information could be useful to an attacker we may redact details of these vendors to maintain platform security. Please contact us directly if you wish to obtain a full disclosure list of all vendors.
Data Security, Encryption & Authentication
Data in Transit
All data transmitted between The PE Hub’s servers and a client is encrypted. All connections with The PE Hub’s services are encrypted and served through SSL. You cannot access our service without using HTTPS. All certificates are verified on both sides with third party authorities. The PE Hub supports the latest encryption protocols, standards and signatures (e.g. TLS 1.3, AES256 and SHA2).
Data at Rest & End-User Authentication
Customer data is encrypted when at rest. Each of our customers’ data is logically separated from other customers’ data and protected via strong authentication. MFA is an available setting for customers and customers are encouraged to adopt MFA.
Data Residency
All of The PE Hub's application servers and data centres are based in the UK and EU but may be accessed internationally via the internet. Depending on the location of the requesting client we may process data in transit in other global locations.
Application Development
New features, performance improvements, and bugfixes are deployed multiple times per week. All code is peer reviewed and requires multiple levels of acceptance on test/staging environments prior to deployment on production. Changes are checked for security and errors via extensive unit, integration, and static analysis tests. Production data is separated from development environments.
Uptime and Reliability
We constantly monitor our service performance and have automatic notifications to ensure rapid response for service interruptions. All code is audited and peer reviewed before deploying to production servers. Our entire codebase is automatically monitored and continually checked for vulnerabilities. We also monitor updates from the security community and immediately update our systems when vulnerabilities are discovered.
Disaster Recovery
Application and customer data is stored redundantly. Customer data is backed up daily. Backups are retained for 7 days to recover in the event of a disaster. Our application source code is hosted on a cloud provider and continually backed up in multiple availability zones.
Employee Access Control
Provisioning
Employees of The PE Hub can only access data contained within an individual school/company account if granted access by an individual with administrative permissions in that organisation (account administrator). Access will be time-restricted and limited to achieving the purposes required by the account administrator.
Authentication
Employees of The PE Hub are required to use dual-factor passwords whenever a service we use has the ability.
Incident Response
In the event of a security breach, a member of our team will promptly notify any customer affected, as required by the UK Data Protection Act (2018) and other relevant legislation.
Conclusion
Everyone at The PE Hub is fully committed to securing your data. We take our responsibilities incredibly seriously. If you have any questions or require further information on our approach to security please contact us on info@thepehub.co.uk.