Security and Trust

Securing your data, securing your trust

At Omniplex Learning, your data is protected. Our robust approach to security spans across our product, team, infrastructure, and processes, giving you peace of mind knowing that your valuable information is safeguarded.

We are committed to maintaining the highest industry standards and compliance regulations, earning the trust of our customers worldwide. Your security is our priority.

Compliance

ISO/IEC 27001

Omniplex Learning is ISO/IEC 27001 certified.

ISO 27001 is a globally recognised, standards-based approach to security that outlines requirements for an organisation’s information security management system (ISMS).

GDPR

Omniplex Guide fully supports the General Data Protection Regulation (GDPR).

Product Security

Single Sign On (SSO)

Omniplex Guide supports multiple Single Sign On (SSO) platforms to better manage and secure our users. We support Multi-Factor Authentication if configured through SSO.

Role-Based Access Control (RBAC)

Omniplex Guide allows organisations to set access controls to restrict capabilities based on specific roles and authorities.

Audit Logs

Omniplex Guide stores every change, action, and event. This allows for easy auditing and root cause analysis.

Firewalls

Omniplex Guide is protected by the firewalls of our cloud service provider, Google Cloud Platform.

Data Security & Integrity

Data Encrypted At-Rest

All data hosted by Omniplex Guide is encrypted. Guide uses industry-accepted encryption products to protect data at rest.

Data Encrypted In-Transit

TLS 1.2/1.3 and HTTPS are used to protect data in transit.

Encrypted Passwords

As per our compliance with ISO/IEC 27001, all passwords are encrypted before they are stored.

Role-Based Access Control

User data can be accessed only by Omniplex personnel with relevant roles and authority.

Minimal Data Collection

Omniplex Guide only collects data that is vital to its operation. We do not store unnecessary data.

Monitoring

Omniplex Guide monitors access to its stored data to better identify potential data breaches.

Change Control Logging

Omniplex Guide employs a change control logging system so that all changes are visible, traceable, and attributable.

Privacy

Privacy Policy

Omniplex Guide operates under Omniplex Learning’s privacy policy, which can be found here.

Data Protection Officer

Omniplex Learning uses a third-party Data Protection Officer, who is responsible for maintaining and enforcing our privacy policy. If you have a requirement to find out more about our data protection policy, we will put you in touch with them upon request.

Data Retention Policy

By default, Omniplex Guide will retain personal data about users for 7 years as long as you have an open account with us or as otherwise necessary to provide you with our services. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.

Incident/Threat Management

Penetration Testing

Omniplex Guide is subjected to penetration testing on an annual basis using an independent third-party vendor, as well as monthly automated advanced scans. The scope of the test includes, but is not limited to, the web application, the browser extension, and the JavaScript snippet.

Static Application Security Testing (SAST)

Omniplex Guide uses static application testing to analyse source code for security vulnerabilities.

Data Breach Notification

If Omniplex Learning becomes aware of a security breach, we will notify affected users so that they can take appropriate protective actions. Our breach notification procedures are consistent with our obligations under applicable country-level, state and federal laws and regulations, as well as any industry rules or standards applicable to us.

We are committed to keeping our clients fully informed of any matters relevant to the security of their data and to providing all information necessary for them to meet their own regulatory reporting obligations.

Availability/Continuity

Data Backups

Omniplex Guide performs regular backups of user data using Google Cloud Storage. Backup data is retained across multiple physically separate zones within Google Cloud Platform (GCP) regions. Backups are encrypted in transit and at rest by industry-accepted encryption methods.

Disaster Recovery Plan

Omniplex Learning has implemented a Business Continuity Plan (BCP) to minimise the impact of service outages caused by unforeseen factors (natural disasters, man-made events, etc.). Our Disaster Recovery Plan (DRP) ensures that our services are restored to the widest extent possible in a minimal timeframe.

Auto Scaling

Omniplex Guide uses auto-scaling technologies to ensure the correct amount of resources is allocated to handle increased traffic during busy periods.

Denial of Service Protection

Omniplex Guide utilises a defence-in-depth approach to preventing DoS and DDoS attacks, and further mitigation to reduce the impact of such attacks on our systems and our customers.

Continuous Integration/Deployment

Omniplex Guide utilises a continuous integration and continuous development approach. Before code is integrated and pushed to production, it goes through a process of peer review and source code control.

Node Clustering

To avoid single points of failure, Omniplex Guide clusters its services and nodes to ensure we are able to serve our customers even if there are one or more failures.

Organisational Security

Employee Background Checks

Members of Omniplex Learning who have access to user data are background checked as permitted by applicable law, and sign confidentiality agreements.

Employee Security Training

Omniplex Learning employees receive training in data privacy concepts and responsibilities, and are made aware of Omniplex’s commitment to privacy. This training is completed within one month of hire, and is refreshed on an annual basis.

In addition, Omniplex personnel are required to read and accept Omniplex’s Code of Conduct and the statement of confidentiality and privacy practices upon their hire and to formally reaffirm them annually thereafter.