Data security
We respect and protect your personal data
At Adeption, we understand the significance and value of the data entrusted to us by our clients and stakeholders. Our commitment to safeguarding this data is unwavering and is at the very heart of our operations. Recognizing the rapidly evolving digital landscape and the complexities of modern cyber threats, we have implemented robust measures that encompass application security, identity protection, infrastructure security, and rigorous adherence to compliance and industry standards. This document serves to outline our comprehensive data security policies, reflecting our dedication to ensuring that our digital environments are resilient, secure, and trustworthy. Our approach to data security is not just about protecting our business; it’s about preserving the trust and confidence our clients have placed in us, and we are steadfast in our commitment to uphold and reinforce this trust every day.
Adeption’s information security policy is available here.
Last updated May 2024.
We provide a secure platform environment
We are dedicated to giving our customers a highly secure and dependable environment, since we know they expect us to protect their data to the highest standards. Our security model and controls are based on international standards and industry best practices, such as ISO 27001 and the OWASP Top 10.
Application Security
We follow secure design and coding practices, applying application security practices as early as possible in our development cycle. We also carry out ongoing testing and penetration testing on our application to catch and remediate bugs that do make it through our development cycle.
Our controlled CI/CD process includes static code analysis, end-to-end testing, unit testing that addresses authorization aspects, and more. You can read more about Adeption’s application security processes here.
Identity Protection
Adeption uses Azure AD (Active Directory) for identity management. Azure AD’s identity management capabilities improve security, simplify user access, and reduce the reliance on passwords, ultimately enhancing the overall security posture.
- Single Sign-On (SSO): Azure AD enables users to sign in once and access multiple applications and services without the need for separate passwords. This enhances convenience and productivity while reducing the risk of weak or reused passwords.
- Password Protection: Azure AD Password Protection helps prevent the use of weak or easily guessable passwords by enforcing custom password policies and blocking common password patterns. It helps protect against brute force attacks and significantly strengthens the security of user credentials.
- Multi-Factor Authentication (MFA): Azure AD supports MFA, which adds an extra layer of security by requiring users to provide additional verification factors (such as a mobile app notification, SMS code, or biometric data) during the sign-in process. MFA significantly reduces the risk of unauthorised access even if passwords are compromised.
We safeguard your data
Infrastructure security is crucial for maintaining the confidentiality, integrity, and availability of data and systems. We’ve partnered with Microsoft Azure, taking full advantage of their Cloud services. These services allow us to capture, process and store data securely while respecting data sovereignty.
Data Hosting and Storage
Adeption services and data are hosted across multiple Availability Zones in Microsoft Azure facilities in Dublin, Ireland (north-eu). We have also established a disaster recovery site in Amsterdam, Netherlands (west-eu). This allows us to provide a reliable service and keeps your data available whenever you need it. These data centres employ leading physical and environmental security measures, resulting in highly resilient infrastructure. Further information is available here.
Data Encryption
Adeption encrypts all data both in transit and at rest:
- Traffic is encrypted using TLS 1.2 with a modern cipher suite
- User data is encrypted at rest across our infrastructure using AES-256 or better
- Credentials are hashed and salted using a modern hash function
Additional Infrastructure Security
Our infrastructure is protected using multiple layers of defence mechanisms, including:
- Firewalls for enforcing IP whitelisting and access through permitted ports only to network resources
- A web application firewall (WAF) for content-based dynamic attack blocking
- DDoS mitigation
- Comprehensive logging of network traffic, both internal and edge
Failover and DR
Adeption was built with disaster recovery in mind. All of our infrastructure and data are spread across two Azure data centres and will continue to work should any one of those data centres fail.
Our latest Disaster Recovery (DR) plan is available here.
Data Retention
Adeption complies with the internationally recognised standards for data protection and security (including GDPR requirements). A client or end user can request at any time to have their data removed or deleted from the platform and Adeption will do this.
Adeption monitors user inactivity and will flag users for deletion after three years of inactivity. At this time Adeption will contact the customer and determine if these users are to be removed from the Adeption Platform.
Note: If user data is deleted from the platform, users cannot reactivate this data. Adeption recommends that users maintain their account even after completing an experience so that this data is available for a future experience that they may engage in.
Adeption users have access to an independent arbitrator (AAA-ICDR) should they have any data protection concerns.
External Security Audits and Penetration Tests
Adeption regularly engages an independent third-party organisation to assess and evaluate the effectiveness of our security controls, practices, and policies, providing an objective perspective and validating the robustness of the data security measures in place. Adeption also conducts penetration tests on an annual basis at both the application and the infrastructure level, using well-known, independent auditors.
Subprocessors
Adeption engages Subprocessors to power its platform and run the business. These partners maintain industry standards related to information security and data protection. Below is a full list of Adeption’s Subprocessors and how they use the data shared with them. Adeption Sub Processors
What personal data we collect and how we use it
Adeption requires name and email address as mandatory information. This is the only mandatory personally identifiable information (PII) Adeption stores. Optional PII includes a user’s position, title and phone number. Adeption also stores non-personal information, including written responses to questions and photos or videos submitted as part of a user’s coaching experience. Further information about the information that Adeption collects can be found in Adeption’s Privacy and Use of Data Policy.
We use AI in a considered way
Adeption applies innovative technology to engage users in coaching experiences, leveraging the principles of behavioral science. One such technology is Artificial Intelligence (AI), which Adeption applies in two ways:
- Tool and insight prediction
- Vertical mindset indication
Adeption has developed its own proprietary AI (algorithms) to provide these features and a range of leadership development solutions.
Find out more about how we use AI to scale high-quality leadership development here.
Additional security measures
Employee training
All our employees undergo thorough information security awareness training during onboarding. Further security training is provided on a yearly basis.
Security policies
Adeption has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
Employee vetting
Adeption performs background checks on all new employees in accordance with local laws. The background check includes education verification, employment verification and criminal checks.
Employee confidentiality
All employee contracts include a confidentiality agreement. Additionally, all employees with privileged access need to sign an additional system administrator confidentiality agreement.
Compliance with industry standards
At Adeption, we have a team dedicated to security, risk and compliance. The team is responsible for working to maintain and grow our security posture as the security landscape evolves. Adeption is in the process of obtaining ISO 27001 certification and aims to have this complete by Q1 2024.
If you would like any further information, please get in touch.