Security

At Differ we really care about the security of your data and ours. We have implemented and will maintain appropriate technical and organizational measures to protect any personal data against misuse and accidental loss or destruction. Below you will find a summary of our security measures implemented to ensure the protection of your data.

Updated 1st August 2016 - 2 min read

Summary of security measures

1. Data

At Differ we really care about the security of your data and ours.We have implemented and will maintain appropriate technical and organizational measures to protect any personal data against misuse and accidental loss or destruction. Below you will find a summary of our security measures implemented to ensure the protection of your data.

2. Data Centers

The data of the users of the services of EdTech Foundry is encrypted by Auth0 and stored on Google Cloud, further details about the measures taken by both Google cloud and Auth0 to secure their facilities and services can be found here: https://cloud.google.com/security/ and here  https://auth0.com/security

4. Authentication and access control

EdTech Foundry internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. Therefore all the devices with access to internal data, databases and user’s data are required to have a lock screen and to use disk encryption. EdTech Foundry uses two-factor authentication (2FA) and strong password policies. Data access is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks and a need to know basis

5. Personnel security

The EdTech Foundry personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Personnel are required to sign a non-disclosure agreement and must acknowledge receipt of, and compliance with, the EdTech Foundry’s confidentiality and privacy policies. Personnel are provided with security training. 

Also, employees need key cards to access to the office, and unauthorized access is not possible.  

Our employees work on computers and to do so, their computers are secured with firewalls. Access to internal systems requires a secure VPN tunneled connection. 2-step authorization is required for access to all services that handles data and software development pipelines.

6. Sub-processor security

Prior to onboarding Subprocessors, EdTech Foundry AS has conducted a check of the security and privacy practices of Subprocessors to ensure they provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Before using suppliers to process the data, EdTech Foundry ensures that the contract governing the relationship between us and our suppliers commits the high requirements required by the Norwegian law and the European legislation on security, users rights and data privacy. Suppliers may be located outside of the European Union, in the US for example. You can find an updated list of our suppliers that process personal data on our behalf here.  Before sending your personal data to our suppliers in order to process it, we made sure that they provide the same level of protection of your personal data as us in the European Economic Area. Therefore we have signed an agreement provided by the European Commission called EU Model clauses with each of our data processing suppliers to ensure that they provide adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms, in other words, your personal data is as much protected as if it was still in the EU/EEA. The list of our suppliers and our agreements with them to protect your personal data has been sent to the Norwegian Data Protection Authority.