Security Policy
Last updated: October 27, 2024
This Security Policy describes the measures Attestnode takes to protect the information and systems associated with our platform. By using our services, you acknowledge the practices described in this document.
1. Scope
This policy applies to all systems, networks, applications, and data managed by Attestnode in connection with the delivery of its online education and seminar services. It covers internal operations, user-facing platforms, and any third-party integrations used in the provision of services.
2. Data Protection Principles
Attestnode applies the following core principles when handling user data:
Minimisation: We collect only the data necessary to deliver and improve our services.
Purpose limitation: Data is used only for the purposes for which it was collected and is not repurposed without appropriate notice.
Accuracy: We take reasonable steps to ensure that stored data remains accurate and current.
Retention limits: Data is retained only as long as necessary for operational, legal, or contractual requirements.
3. Technical Security Measures
3.1 Encryption
All data transmitted between users and our platform is encrypted using industry-standard Transport Layer Security (TLS). Sensitive data at rest is encrypted using current best-practice algorithms. Encryption keys are managed and rotated according to internal security procedures.
3.2 Access Controls
Access to production systems and user data is restricted to authorised personnel only. Role-based access control is enforced across all internal systems. Multi-factor authentication is required for privileged access. Access rights are reviewed periodically and revoked promptly upon personnel changes.
3.3 Network Security
Our infrastructure is protected by firewalls, intrusion detection systems, and network segmentation. Unnecessary ports and services are disabled. External-facing systems are monitored continuously for anomalous activity.
3.4 Vulnerability Management
We conduct regular vulnerability assessments and apply security patches in a timely manner. Critical updates are prioritised and applied as soon as practicable following disclosure. Penetration testing is performed periodically by qualified parties.
3.5 Logging and Monitoring
System and application logs are collected, retained, and reviewed for suspicious activity. Automated alerts are configured for defined threat indicators. Logs are stored securely and protected from unauthorised modification.
4. Organisational Security Measures
4.1 Personnel
Team members with access to sensitive systems are subject to background verification appropriate to their role. All personnel receive security awareness training upon onboarding and on a recurring basis. Acceptable use policies are in place and acknowledged by all staff.
4.2 Third-Party Providers
We evaluate the security practices of third-party service providers before engagement. Data processing agreements are established with providers who handle personal data on our behalf. Provider security posture is reviewed periodically.
4.3 Physical Security
Infrastructure is hosted in facilities that maintain physical access controls, environmental safeguards, and redundancy measures appropriate to commercial cloud or data centre environments.
5. Incident Response
Attestnode maintains an internal incident response process to detect, contain, and remediate security events. In the event of a confirmed breach affecting user data, we will:
Contain the incident and prevent further unauthorised access as quickly as possible.
Assess the scope, nature, and potential impact of the event.
Notify affected users and relevant parties within a timeframe consistent with applicable obligations and the severity of the incident.
Document the incident, our response actions, and any remediation steps taken.
Post-incident reviews are conducted to improve processes and reduce the likelihood of recurrence.
6. Business Continuity and Availability
Attestnode maintains backup and recovery procedures to support service continuity in the event of system failure or disruption. Backups are performed regularly, stored securely, and tested periodically for restorability. Recovery time and recovery point objectives are defined internally and reviewed as part of our continuity planning.
7. Secure Development Practices
Security is integrated into our software development lifecycle. Code changes undergo review before deployment. We follow established secure coding guidelines to mitigate common vulnerability classes. Dependencies are monitored for known vulnerabilities and updated accordingly.
8. User Responsibilities
Users of the Attestnode platform share responsibility for maintaining the security of their accounts. Users are expected to:
Choose strong, unique passwords and protect their credentials from disclosure.
Enable any available account security features, such as multi-factor authentication where offered.
Notify us promptly if they suspect unauthorised access to their account.
Avoid using the platform in ways that could introduce risk to other users or our systems.
9. Reporting Security Concerns
We encourage responsible disclosure of potential security vulnerabilities. If you identify a security issue affecting our platform, please contact us directly before publishing or sharing the information publicly.
To report a concern, contact us at:
Email: contact@attestnode.sbs
Phone: +1 519 745 3531
Address: 234031 AB-53, Ponoka County, AB T4J 1R1, Canada
We will acknowledge receipt of valid reports and work to address confirmed issues in a timely manner. We ask that reporters act in good faith and refrain from accessing, modifying, or disclosing data beyond what is necessary to demonstrate the vulnerability.
10. Changes to This Policy
Attestnode may update this Security Policy from time to time to reflect changes in our practices, technology, or applicable requirements. The date at the top of this document indicates when it was last revised. Continued use of our services following the posting of an updated policy constitutes your acknowledgement of the changes.
11. Contact
For questions about this Security Policy or our security practices generally, please reach out through any of the channels listed in Section 9 above.