Here at Trainual, customer data is protected as if it was directly managed and owned by the team here. Security is at the forefront of everything and is something proactively approached. Trainual constantly looks for ways to secure and harden the application and to improve overall security posture to protect the business.
Being an international team with dozens of employees brings its own set of difficulties, and that’s why Trainual ensures that all employees here understand and participate in securing the Trainual platform. At Trainual, everyone is involved in developing, implementing, and complying with internal security policies.
A few quick facts about Trainual’s security posture:
📚 Learn more about Trainual's policies:
👀 Looking for additional security details? Click on the links below to jump to these sections of this article.
👇 Let's dive in! 👇
Trainual’s Security Cornerstone: Zero Trust Architecture
The Trainual approach to cyber security has been developed through a lens of zero trust to ensure protection of the entire security surface. The security team here applies a layered approach to threat modeling and implements specific security controls in each of the identified layers.
Database Security Layer: Protecting Your Data
Trainual is constantly taking the proper precautions to safeguard data, and in the unlikely event of a crash or breach, all data is backed up remotely each day. Data is stored on cloud-based services that are PCI-DSS, ISO 27000, and SOC 1-2-3 compliant and backed up daily.
📝 Please note: While Trainual's data storage layer is compliant with these policies and while the security philosophy here is guided by SOC2, the Trainual platform is not fully SOC2 compliant. If your team needs to be specifically industry compliant in any of these categories, please consult an industry representative who can verify for you if the Trainual platform meets those requirements.
🔍 Learn more about the Cloud Providers:
Google Cloud's Compliance Resource Center
Amazon Web Services (AWS) PCI DSS Information
Network Security Layer: Protecting Communications
Trainual utilizes Cloudflare as the core network security provider. Cloudflare stops brute-force attacks and hacking attempts, filtering out most of the spam attacks at the DNS level so that such requests don't even hit Trainual’s server. Cloudflare protects Trainual websites from DDOS attacks, SQL injections, comment spam, and much more.
Code Base Security Layer: Supply Chain Protection
Trainual is regularly undergoing analysis to adjust to the changing security landscape. The application has been built on a modern technical stack and is constantly being updated as new vulnerabilities are discovered within the broader security community.
Endpoint and Server Security Layer: Intrusion Detection & Anti-malware System
Trainual's next-generation antivirus (NGAV) system provides unmatched prevention capabilities protecting against malware, ransomware, fileless, and even malware-free attacks. The threat intelligence integration immediately assesses the origin, impact, and severity of threats in the environment and provides recovery guidance for decisive incident response and remediation.
Trainual is committed to taking notice from reports submitted by independent security researchers and patching any security findings as soon as possible. If requested, Trainual is willing to give back public credit for these reported findings as long as the supporting research is bound to our Responsible Disclosure Agreement and follows the guidelines stated in the document.