Security

Skills Base Security statement

The security and privacy of your data is our highest priority. Some of the measures that we take to protect your information include:

  • Data Centers: Skills Base is hosted by default in the United States using world-class, highly secure data centers that are certified to comply with global standards including SOC 1/2/3, ISO 27001, PCI DSS and many more. European hosting in Frankfurt using the same world-class infrastructure is also available by request for an additional fee.
  • Transport Layer Security (TLS) encryption: TLS encryption (also known as HTTPS) is used during authentication requests to protect user credentials. Further, all paid license holders can activate TLS encryption full-time in order to encrypt all transmitted data between Skills Base and end-users.
  • Privacy Policy: All information that you store in our systems is strictly governed by the terms of our Privacy Policy. Specifically, we don't use your data for any other purpose than to maintain and administer the service for you, and we never share your information with third parties.
  • User Passwords: User application passwords have a minimum length requirement and passwords are individually salted and hashed in a one-way fashion at rest.
  • Account lockout: To protect users, Skills Base accounts are automatically locked for a period of 15 minutes in the event of 5 consecutive failed login attempts.
  • Single Sign On (SSO) integration: The use of SSO integration removes passwords from Skills Base and establishes a trust relationship with your organization's identity provider. This also means that users do not have to remember a separate password which they may be inclined to write down or forget. Further, SSO allows organizations to control password rules around complexity and frequency of changes.
  • Credit cards: We don't store, retain or ever even receive your credit card information. All transactions are processed by a secure third-party payment provider.
  • Data Portability: Skills Base enables your organizational Administrators to export your data so that you can maintain your own backup, or for archival or integration purposes.
  • Backup: We take complete backups of all data nightly for use in the case of a disaster.
  • Non-disclosure: Any person contracted or employed by Skills Base who must access data as part of their work is required to sign a legally binding one-way confidentiality agreement.
  • Software design/development: Skills Base has been built completely in-house from the ground up using modern, best practice methodologies to meet the security and functional requirements of the modern-day Internet and World Wide Web. Our software engineers are the best in their field with decades of experience. We don't outsource any software development.
  • Minimization of information requirements: The amount of personally identifiable information we require to be stored in the system is limited to names and emails; however, you can store more if you wish. We don't require any other personally identifiable information such as addresses, phone numbers, or credit cards. At any time you are able to export your data (as long as you have suitable privileges), and you have the option to delete data in the system whenever you require.


Handling breaches

If you become aware of a breach, you can report it to us using our contact form. Setting the "priority" to "high" triggers events at our end for rapid escalation. If we learn of a breach by any means, we will take action as soon as possible and notify any affected users so that they can take appropriate protective steps.


Configuring Permissions

Skills Base provides the ability for Administrators to control the things that users can see and do in Skills Base via Security Groups. For more information please refer to the Configuring Permissions support article.


Anonymizing data

Skills Base is only available as a Software as a Service (SaaS) solution which is hosted externally to your organization's in-house systems. For organizations that are uncomfortable hosting data in the Cloud, anonymizing data can be an intermediate strategy in gaining confidence and Executive buy-in. The following are some ways to anonymize data in the Cloud:

  • Instead of using employee names, you can consider using unique identifiers that are only identifiable by your company. (Note: This will prevent you from being able to take advantage of the Single Sign On feature.)
  • You can consider minimizing the amount of personally identifiable information sent to Cloud systems. (Skills Base only requires names and emails)
  • Use of Single Sign On reduces the chance of employees selecting their organizational password as the password for use in external systems. (Skills Base offers Single Sign On)