Data Security Statement

At Skillcast Group plc, we understand the importance of earning and keeping your trust. That's why we take data security extremely seriously.

This Data Security Statement outlines our commitment to protecting the privacy and confidentiality of the information you entrust to us.

Visit Skillcast Trust Center for more information about our security policies, compliance and audit reports.

Trust

Skillcast Group plc does not sell, rent, or provide customer corporate or personal data to third parties. We only use customers' data to provide them with the services they have contracted with us.

Standards

Skillcast Group plc is accredited with ISO 27001, Cyber Essentials and Cyber Essentials Plus. It is currently working towards SOC2.

We use Drata to monitor our information security controls and maintain visibility in real-time security postures.

QMS_Cyber_Essentials_Logo_update

 

Infrastructure

Our application is powered by Microsoft Azure (Azure) cloud storage and computing. Azure continuously maintains certification for a variety of global security and compliance frameworks. For more information about their certifications and compliance practices, please visit the Azure Security site.

Application Security

  • We retain tight control over all components of the IT Infrastructure where the Customer's Personal Data is stored and processed.
  • We use Microsoft Azure datacentres, which use state-of-the-art physical security.
  • We have implemented high cyber-security protection for all components of IT Infrastructure, including Web Application Firewall, DDoS and bot protection, Intrusion Prevention and Detection System, network traffic monitoring, firewalls set up most tightly, encryption requirements and tight security policies for portable devices such as laptops, and centrally managed antivirus protection for all servers and user machines.
  • We employ certified third-party experts to conduct annual Infrastructure and Application Penetration Testing.
  • We conduct functional, regression, security and usability testing and code reviews to ensure consistent quality in our software development practices.
  • We conduct internal Infrastructure Vulnerability scans at least once a month or after any relevant change and regularly apply security patches to vulnerable components.
  • We use secure and encrypted VPN connections between different sites.
  • We use multifactor authentication to access client portals where personal data is stored and processed.
  • We have implemented Advanced Encryption Standard (AES) 256-bit key encryption for data at rest, HTTPS, and SFTP protection for data transfer.
  • We maintain the segregation of each Service Recipient's data.
  • When you purchase a paid Skillcast Basic subscription, your credit card data is not transmitted through nor stored on our system. We use Stripe, a PCI Level 1 Service Provider, to process your card information. 

Workplace Security

  • We actively manage all company laptops and desktops and can wipe them remotely.
  • We require screensaver locks, full disk encryption, anti-malware protection and automatic updates to be enabled.
  • We secure access to services, source code, and third-party tools with two-factor authentication whenever possible.
  • We give employees the lowest level of access they need to perform their roles. Access to personal data is limited to customer success managers. Other employees are barred from access to personal data without a "need to know".
  • We provide regular employee training and extra training for Customer Success Managers.
  • We maintain automatic logging of all activity on client portals.
  • We log all user and administration activity and data access.
  • We conduct background checks on all employees and include confidentiality clauses in all employee contracts.
  • We secure our offices and maintain a clean desk policy.

Data Protection & Disaster Recovery

  • We maintain redundancy and high availability of the critical parts of the infrastructure with robust backup and disaster recovery solutions.
  • All of our infrastructure is hosted and backed up in the cloud on Azure.
  • We leverage multiple Azure instances to store customer data redundantly.
  • Our data is automatically backed up daily, and we regularly test that our backups are working and can be easily restored.

Disclosure

If you suspect any vulnerability in the Skillcast Group plc application, please contact us at itsecurity@skillcast.com.

We review all security issues reported to us and address them proactively.