Security and Trust

Securing your data,
securing your trust

At Omniplex Learning, your data is protected. Our robust approach to security spans across our product, team, infrastructure, and processes, giving you peace of mind knowing that your valuable information is safeguarded. We are committed to maintaining the highest industry standards and compliance regulations, earning the trust of our customers worldwide. Your security is our priority.

Compliance

ISO/IEC 27001

Omniplex Learning is ISO/IEC 27001 certified. ISO 27001 is a globally recognised, standards-based approach to security that outlines requirements for an organisation’s information security management system (ISMS).

GDPR

Omniplex Guide fully supports the General Data Protection Regulation (GDPR).

Product Security

Single Sign On (SSO)

Omniplex Guide supports multiple Single Sign On (SSO) platforms to better manage & secure our users. We support Multi-Factor Authentication if configured through SSO.

Role-Based Access Control (RBAC)

Omniplex Guide allows organisations to set access controls to restrict capabilities based on specific roles and authorities.

Audit Logs

Omniplex Guide stores every change, action, and event. This allows for easy auditing and root cause analysis.

Firewalls

Omniplex Guide is protected by the firewalls of our cloud service provider, Google Cloud Platform.

Data Security & Integrity

Data Encrypted At-Rest

All data hosted by Omniplex Guide is encrypted. Guide uses industry-accepted encryption products to protect data at rest.

Data Encrypted In-Transit

TLS 1.2/1.3 and HTTPS are used to protect data in transit.

Encrypted Passwords

As per our compliance with ISO/IEC 27001, all passwords are encrypted before they are stored.

Role-Based Access Control

User data is only able to be accessed by Omniplex personnel with relevant roles and authority.

Minimal Data Collection

Omniplex Guide only collects data that is vital to its operation. We do not store unnecessary data.

Monitoring

Omniplex Guide monitors access to its stored data to better identify potential data breaches.

Change Control Logging

Omniplex Guide employs a change control logging system so that all changes are visible, traceable, and attributable.

Privacy

Privacy Policy

Omniplex Guide operates under Omniplex Learning’s privacy policy, which can be found here.

Data Protection Officer

Omniplex Learning uses a third-party Data Protection Officer, who is responsible for maintaining and enforcing our privacy policy. If you have a requirement to find out more about our data protection policy, we will put you in touch with them upon request.

Data Retention Policy

By default, Omniplex Guide will retain personal data about users for 7 years as long as you have an open account with us or as otherwise necessary to provide you with our services. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.

Incident/Threat Management

Penetration Testing

Omniplex Guide is subjected to penetration testing on an annual basis using an independent third-party vendor, as well as monthly automated advanced scans. The scope of the test includes, but is not limited to, the web application, the browser extension, and the JavaScript snippet.

Static Application Security Testing (SAST)

Omniplex Guide uses static application testing to analyse source code for security vulnerabilities.

Data Breach Notification

If Omniplex Learning becomes aware of a security breach, we will notify affected users so that they can take appropriate protective actions. Our breach notification procedures are consistent with our obligations under applicable country level, state and federal laws and regulations, as well as any industry rules or standards applicable to us.

We are committed to keeping our clients fully informed of any matters relevant to the security of their data and to providing all information necessary for them to meet their own regulatory reporting obligations.

Availability/Continuity

Data Backups

Omniplex Guide performs regular backups of user data using Google cloud storage. Backup data is retained across multiple physically separate zones within Google Cloud Platform (GCP) regions. Backups are encrypted in transit and at rest by industry accepted encryption methods.

Disaster Recovery Plan

Omniplex Learning has implemented a Business Continuity Plan (BCP) to minimise the impact of service outages caused by unforeseen factors (natural disasters, man-made events etc). Our Disaster Recovery Plan (DRP) ensures that our services are restored to the widest extent possible in a minimal timeframe.

Auto Scaling

Omniplex Guide uses auto-scaling technologies to ensure the correct amount of resources are allocated in order to handle increased traffic during busy periods.

Denial of Service Protection

Omniplex Guide utilises a defence in depth approach to preventing DoS and DDoS attacks, and further mitigation to reduce the impact of such attacks on our systems and our customers.

Continuous Integration/Deployment

Omniplex Guide utilises a continuous integration and continuous development approach. Before code is integrated and pushed to production, it goes through a process of, peer review and source code control.

Node Clustering

In order to avoid single point of failures, Omniplex Guide clusters its services and nodes to ensure we are able to serve our customers even if there are one or more failures.

Organisational Security

Employee Background Checks

Members of Omniplex Learning who have access to user data are background checked as permitted by applicable law, and sign confidentiality agreements.

Employee Security Training

Omniplex Learning employees receive training in data privacy concepts and responsibilities, and are made aware of Omniplex’s commitment to privacy. This training is completed within one month of hire, and is refreshed on an annual basis.

In addition, Omniplex personnel are required to read and accept the Omniplex’s Code of Conduct and the statement of confidentiality and privacy practices upon their hire and to formally reaffirm them annually thereafter.