Security

If you have any legal notes regarding our processing of personal data or about Privacy Policy, Terms of Service or our Copyright policy you may contact legal@wearelearning.io

Security Overview

Last updated:

Our Commitments

  • Governance: A cross‑functional Security Steering Group (SSG) oversees our posture, reviews risks and KPIs at least quarterly, and reports to the Board.
  • Scope: Security covers all personnel and third parties; all environments (dev/stage/prod); and all assets including apps, cloud services, data stores, networks, endpoints, CI/CD, IaC, logs, and backups.
  • Identity & Access: Centralized identity with MFA by default, least‑privilege access, role‑based controls, periodic access reviews, and managed secrets.
  • Data Protection: Encryption in transit and at rest, managed keys, data classification and minimization, and protected, tested backups.
  • Secure Development: A secure SDLC with peer code review, automated testing and analysis (SAST/DAST/SCA), dependency hygiene, and CI/CD gating.
  • Vulnerability & Patch Management: Risk‑based prioritization (industry standard scoring + business context) with tracked SLAs and time‑boxed exceptions.
  • Monitoring & Incident Response: Continuous monitoring of networks, endpoints, services, and privileged activity with an established Incident Response Plan covering detection, containment, recovery, communications, and lessons learned.
  • Resilience: High availability architecture, autoscaling, multi‑zone designs, tested failover and recovery, and anti‑DDoS patterns.
  • Supply‑Chain Security: Risk‑based onboarding and tiering of suppliers, contractual security requirements, ongoing monitoring, and defined exit/transition steps.
  • People & Training: Mandatory security awareness training for all, with role‑based training for specialized functions.

Signals & Resources

  • Policy review cadence: annual (or on material change)
  • Contact: security@wearelearning.io
  • Assurance materials (Redacted Security Policy, SOC 2 status (currently in progress), pentest summaries): Provided under NDA upon request.

Any questions on this topic?

Sign up for newsletters

Don't miss out on our latest news. Get the inside knowledge on product updates and upcoming events.

Privacy policy
© WE ARE 2025