
Security & Compliance

At KREDO, security and compliance are at the core of our platform. We follow industry best practices to ensure your
data remains protected, encrypted, and accessible only to authorized users.

Hosting

KREDO is hosted on one of the most secure cloud storage solutions in the world: Microsoft Azure. 95% of Fortune 500 companies, governments and start-ups run on Microsoft Cloud. We implement disaster recovery plans with daily data backups.

SSL-encrypted connections

All connections to KREDO are secured with SSL encryption. This ensures that all data sent, including course details and any other learning content, is encrypted in transit.

PenTest Certified

As part of our security policy, we conduct regular external penetration (ethical hacking) tests.

KREDO is audited

We take your privacy very seriously. That’s why we perform external audits to certify that your data is secure with us.

Constant Improvement

Our technical team is firmly committed to technology. That’s why we’re up to date with the latest software updates and security recommendations.

Continuous Monitoring

Our DevOps team continuously monitors and assesses system health. We keep an eye on things so you can work with peace of mind.

Password Protection

Your passwords are securely hashed, salted, and stored on encrypted servers, ensuring that the KREDO team cannot access them. If you want to know more about our GDPR compliance, please contact us.

Compliance and Privacy

Certifications

ISO 27001 certified.

GDPR Compliance

Working towards compliance with a target implementation by Q4 of 2024.

Vulnerability Assessment and Penetration Testing (VAPT)

Regularly conducted by third-party vendors.

Application Security

Role-Based Access Control (RBAC)

Implemented to ensure users have access only to resources and actions permitted by their roles.

Data Encryption

Data is encrypted at rest using AES-256 and in transit using TLS to protect against unauthorized access.

Code Review

Dependabot is used for vulnerability checks and automated dependency management.

Annual Penetration Testing

Conducted annually to identify and address potential security vulnerabilities.

Secure Coding Guidelines

Followed to mitigate common vulnerabilities such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).

Content Security

Content Hosting

Content is hosted on private Azure blobs and served via Azure CDN.

Resource Storage

Documents and videos are stored in Box.com to restrict unauthorized downloads.

Endpoint Security

Firewall

Deployed on web servers to detect and prevent intrusions.

Code Review

Continuously monitored for vulnerabilities using Dependabot.

Identity Protection

Single Sign-On (SSO)

Integrated to streamline and secure user authentication.

Account Lockout

Mechanism in place to lock accounts after 5 unsuccessful login attempts.

Identity and Access Management (IAM)

Role-Based Access Control (RBAC) ensures users have access based on defined roles.

User Activity Capture

Logs user activities for audit trails.

Encryption

Sensitive information is encrypted both in transit and at rest.

Mail Security

SMTP Provider

Uses SendGrid for email communication, with SOC 2 Type 2 compliance and Standard Contractual Clauses in place.

Scalability

Auto-Scaling and Load Balancing

Auto-scaling and load balancing are managed with an AKS Cluster and NGINX Ingress Controller.

Monitoring

DevOps team monitors scalability using various tools.

Database Security and Backup

Backups

Daily backups are taken and stored on Azure default storage.

Encryption

Azure Database - Flexible Server uses FIPS 140-2 validated cryptographic modules for data encryption at rest and in transit.

Firewall

Configured to block all ports except for AKS cluster access from specified IP addresses.

Server Level Security

Firewall

Server-level firewall configured to block unnecessary ports.

SSH Access

Password-based SSH login is disabled; access is only possible via key-pair based authentication.

Security Updates

Regular updates are applied as released by Canonical and Azure.

FTP

FTP is disabled, and the FTP port is blocked.