Data Security Policy
Here at ITCPEacademy.org we take data security and privacy very seriously and we continuously look for opportunities to make improvements.
 
While it would not be prudent to share too much about what we do to protect our systems (since we would be effectively assisting malicious individuals who might try to compromise them), we can provide some general information about steps we take to keep our customers safe. Below are the measures we employ for securely storing the data.
Protection from Data Loss & Data Corruption
• Regular Backups
Databases are mirrored and backed up off site, across multiple facilities. We keep daily database backups.
• Customer data regulation
We never move user data outside of our secured environment for testing or any other reason.
Application Level Security
• Password salting and hashing
ITCPEacademy uses the most up-to-date and secure cryptographic methods. Admin passwords are salted and hashed and never stored or transmitted as plain text. Employees cannot view or manually change passwords. If you forget your password, it cannot be retrieved, even by our own CTO – the password must be reset by you.
• Encrypted Data Storage
All user passwords are salted and hashed and never stored or transmitted as plain text.
We do not store credit card details on our infrastructure. All credit card transactions are processed using secure encryption on a PCI-Compliant network.
• HTTPS everywhere
ITCPEacademy forces all requests over HTTPS, ensuring all traffic between our system and the user’s browser is encrypted. This means that anyone trying to eavesdrop on this data will not be able to decrypt and access the underlying data. ITCPEacademy uses TLS 1.2 exclusively, throughout its site and subdomains.
• XSS vulnerability avoidance
All user inputs are properly treated to ensure that XSS vulnerabilities are avoided.
 
Secure Software Development Life Cycle
• Vulnerability Scanning & Patching
We have automated systems in place that monitor all the software infrastructure that powers ITCPEacademy for new versions and vulnerabilities. Our infrastructure is updated regularly with the latest security patches. Moreover, our in-house security expert is constantly on the lookout for things that could jeopardize our systems, ready to intervene. We test our systems regularly through simulated attacks from the outside and in.
• Secure File storage
Your uploaded files can only be accessed through ITCPEacademy. Our students can only access files intended for them. Only authorized ITCPEacademy personnel can access your files, on a strict per-need basis.
• Internal Controls
For our employees, access rights and levels are based on job function and role, are granted on a need-to-know basis, and match defined responsibilities. All employees must abide by our policies about protecting customer data.
• Security by design
Our code is being developed following the latest patterns and industry best practices, and is constantly reviewed. Clear, readable and well-maintained code means secure systems.
• Key management
We keep our keys secret and out of version control, to ensure access to critical resources cannot be compromised.
 
Data Center Security
The GDPR requires controllers and processors of personal data to “implement appropriate technical and organizational” measures to ensure a sufficient level of security.
 
ITCPEacademy is a Google Cloud partner so we primarily use top-notch Google Cloud Platform servers as our third-party cloud storage subcontractor and we do not host customer data on our premises.
 
This means that all our servers are located at Google premises, in different world-class data centers around the world:
• East USA (South Carolina & Virginia, USA, North America)
• Central EU (Frankfurt, Germany, Europe)
• South America (São Paulo, Brazil, South America)
• Southeast Asia (Singapore, APAC)
Google Cloud Platform is a leading cloud provider, and holds industry best security certifications, such as SOC2/3 and ISO27001, and provides encryption in transit and at rest, without any action required from our customers. All servers are protected by biometric locks and round-the-clock interior and exterior surveillance monitoring. Only authorized personnel have access to the data center. 24/7/365 onsite staff provides additional protection against unauthorized entry and security breaches. For more info on Google Cloud Platform physical server security check here.
• High availability.
We’ve designed ITCPEacademy to ensure high availability throughout the platform. At every layer of the stack, we have a suite of contingency mechanisms, including automatic failover, to ensure 24/7 application availability.
 
Protecting ITCPEacademy against rogue or hacked users
We can secure ourselves, but if your computer gets compromised or someone gets into your ITCPEacademy account, that’s not good for either of us. Therefore:
• We monitor accounts for signs of irregular or suspicious login activity and will automatically suspend accounts that show them.
• Certain changes to your account, such as to your password, will trigger email notifications to the account owner.
• We monitor accounts and school activity for signs of abuse (both via automatic notifications and human reviewers).
 
Disclosure
We are working continuously to make our systems secure. But modern software is amongst the most complex artefacts ever created by humans, and cybersecurity is a moving target. If you do find any security issues, whether you are a user or security expert, please reach out to us at support@executiveitforums.com. We will make sure the issue is fixed and updated ASAP.

