Security and Trust
Securing your data, securing your trust
At Omniplex Learning, your data is protected. Our robust approach to security spans across our product, team, infrastructure, and processes, giving you peace of mind knowing that your valuable information is safeguarded.
We are committed to maintaining the highest industry standards and compliance regulations, earning the trust of our customers worldwide. Your security is our priority.
Omniplex Learning is ISO/IEC 27001 certified.
ISO 27001 is a globally recognised, standards-based approach to security that outlines requirements for an organisation’s information security management system (ISMS).
Omniplex Guide fully supports the General Data Protection Regulation (GDPR).
Single Sign On (SSO)
Omniplex Guide supports multiple Single Sign On (SSO) platforms to better manage & secure our users. We support Multi-Factor Authentication if configured through SSO.
Role-Based Access Control (RBAC)
Omniplex Guide allows organisations to set access controls to restrict capabilities based on specific roles and authorities.
Omniplex Guide stores every change, action, and event. This allows for easy auditing and root cause analysis.
Omniplex Guide is protected by the firewalls of our cloud service provider, Google Cloud Platform.
Data Security & Integrity
Data Encrypted At-Rest
All data hosted by Omniplex Guide is encrypted. Guide uses industry-accepted encryption products to protect data at rest.
Data Encrypted In-Transit
TLS 1.2/1.3 and HTTPS are used to protect data in transit.
As per our compliance with ISO/IEC 27001, all passwords are encrypted before they are stored.
Role-Based Access Control
User data is only able to be accessed by Omniplex personnel with relevant roles and authority.
Minimal Data Collection
Omniplex Guide only collects data that is vital to its operation. We do not store unnecessary data.
Omniplex Guide monitors access to its stored data to better identify potential data breaches.
Change Control Logging
Omniplex Guide employs a change control logging system so that all changes are visible, traceable, and attributable.
Data Protection Officer
Data Retention Policy
By default, Omniplex Guide will retain personal data about users for 7 years as long as you have an open account with us or as otherwise necessary to provide you with our services. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.
Static Application Security Testing (SAST)
Omniplex Guide uses static application testing to analyse source code for security vulnerabilities.
Data Breach Notification
If Omniplex Learning becomes aware of a security breach, we will notify affected users so that they can take appropriate protective actions. Our breach notification procedures are consistent with our obligations under applicable country level, state and federal laws and regulations, as well as any industry rules or standards applicable to us.
We are committed to keeping our clients fully informed of any matters relevant to the security of their data and to providing all information necessary for them to meet their own regulatory reporting obligations.
Omniplex Guide performs regular backups of user data using Google cloud storage. Backup data is retained across multiple physically separate zones within Google Cloud Platform (GCP) regions. Backups are encrypted in transit and at rest by industry accepted encryption methods.
Disaster Recovery Plan
Omniplex Learning has implemented a Business Continuity Plan (BCP) to minimise the impact of service outages caused by unforeseen factors (natural disasters, man-made events etc). Our Disaster Recovery Plan (DRP) ensures that our services are restored to the widest extent possible in a minimal timeframe.
Omniplex Guide uses auto-scaling technologies to ensure the correct amount of resources are allocated in order to handle increased traffic during busy periods.
Denial of Service Protection
Omniplex Guide utilises a defence in depth approach to preventing DoS and DDoS attacks, and further mitigation to reduce the impact of such attacks on our systems and our customers.
Omniplex Guide utilises a continuous integration and continuous development approach. Before code is integrated and pushed to production, it goes through a process of, peer review and source code control.
In order to avoid single point of failures, Omniplex Guide clusters its services and nodes to ensure we are able to serve our customers even if there are one or more failures.
Employee Background Checks
Members of Omniplex Learning who have access to user data are background checked as permitted by applicable law, and sign confidentiality agreements.
Employee Security Training
Omniplex Learning employees receive training in data privacy concepts and responsibilities, and are made aware of Omniplex’s commitment to privacy. This training is completed within one month of hire, and is refreshed on an annual basis.
In addition, Omniplex personnel are required to read and accept the Omniplex’s Code of Conduct and the statement of confidentiality and privacy practices upon their hire and to formally reaffirm them annually thereafter.