Skip to content

Security

Realizeit's enterprise-grade security, reliability, and compliance program keeps your organization's data safe, so you can stay focused on the success of your learning platform.

shutterstock_1941541432 Pop-Security-Hero-Desktop-1
Cyber-Essentials-Badge-High-Res-370x160
ametek-mro-aem-joscar-renewal_en_1-370x160
iasme-gdpr-logo-370x160
badge_ecovadis-bronze-370x160
privacy_shield-370x160
aws-logo-370x160
gdpr-370x160
w3c-370x160

Security

Cloud Hosting Solution

Cloud Hosting Solution

Amazon Web Services (AWS) is our Cloud Service Provider (CSP). The infrastructure of the Realizeit platform, including all client data, is housed securely in Amazon data centers in the USA or EU.

AWS is known for industry-leading security measures and privacy policies. AWS adheres to security controls for ISO 27001, ISO 22301, ISO 27017, ISO 27701, ISO 27018, SOC1, SOC2, SOC3, PCI DSS Level 1, HITRUST, FISMA, FedRAMP, MTCS, CyberGRX Third-Party Risk Management, the CSA Cloud Control Matrix, and more.

More information on AWS compliance offerings can be found here.

Each client has their own individual & private virtual environment in AWS. All hosted client data remains the property of the client.

Encryption

Encryption

We use industry-standard secure transport protocols (TLS 1.2) for all data in transit. Data at rest is encrypted using an industry standard AES-256 symmetric key.

Data Loss Prevention

Data Loss Prevention Measures

Background checks are mandatory for all Realizeit employees. Information Security Training is required upon initial hire and annually thereafter. Access to client data is strictly controlled on principles of least privilege, utilizing RBAC, MFA, VPN firewall with final access via a remote desktop server using strict DLP controls (i.e., jump box). Access is limited to a few database administrators and operations personnel supporting client accounts.

Realizeit implements 3rd-party security monitoring, detection, response and testing e.g. Penetration testing completed twice each year through BSi Cybersecurity.

Physical Security

Physical Security

Physical security of data centers is managed by Amazon Web Services. Data centers managed by Amazon have extensive layers of protection: access approval at the facility’s perimeter, at the building’s perimeter, inside the building, and on the data center floor. All Amazon Data Centers maintain state-of-the-art physical security, including 24x7x365 surveillance, environmental protection, and extensive secure access policies.

Reliability

Adaptable Performance

Adaptable Performance

Our services are hosted in AWS’ cloud platform which allows us to easily scale-up (increase the capabilities of each server in the system) and scale-out (add more servers to the system) using AWS supported elastic approaches. We have successfully tested both scale-up and scale-out scenarios in order to handle an increased load. These tests simulate loads from organizations from 10,000 to several 100,000s of users. Thanks to the strong elastic scaling functionality, Realizeit can easily expand to meet the needs of any changing organization.

BC/DR

Business Continuity/Disaster Recovery (BC/DR)

Realizeit provides a highly available real-time replicated SaaS offering. Using the capabilities of each AWS Region and its multiple Availability Zones (AZs), Realizeit has created a fully replicated server solution across availability zones in both the AWS USA and separately in the AWS EU region. The primary servers are replicated on to secondary (failover BC/DR) servers these servers are maintained in a fully mirrored state. Upon a failure of the primary servers a seamless failover to the secondary servers occurs with no data loss of committed actions. The secondary server site is always available when the data center hosting the primary servers fail.

The AZs are fully isolated partitions of the AWS infrastructure. Each has its own utilities e.g. internet, power, water, other infrastructure, and each Availability Zone is physically separated from any other zones. Physical distance is maintained between AZ sites with each AZ distanced up to 60 miles from each other.

Using Real-time AWS based AZ and region capabilities together with synchronous database replication and automated failover detection. Realizeit provides all customers with outstanding BC/DR performance.
Standard service availability SLA for the Realizeit Platform is 99.9% in any given month, excluding scheduled maintenance.

Compliance

Cyber Essentials

Cyber Essentials

Realizeit is security audited annually for Cyber Essentials.

Privacy Shield

Privacy Essentials

We comply with the EU-U.S. Privacy Shield Frameworks.

GDPR

GDPR

As a data processor, Realizeit complies with GDPR requirements and is prepared to assist clients in meeting their GDPR obligations as data controllers.

Privacy Policy

Privacy Policy

We respect the privacy of our users and strive to provide a safe, secure online experience.

Read Here.

SOC 2

SOC 2 Type II (planned)

Realizeit is on track to become SOC2 compliant by Summer 2023. The SOC2 auditing process will ensure our policies, practices, and controls securely manage client data and protect the privacy of our users. Realizeit will continue to implement best practices including developing support for relevant NIST/ISO frameworks.

JOSCAR-Registered

JOSCAR Registered

JOSCAR is a collaborative tool used by the aerospace, defense, and security industry to act as a single repository for pre-qualification and compliance information. Realizeit is JOSCAR-registered so buyers can more easily determine that we are “fit for business.”

Accessibility

Accessibility

Realizeit has been assessed by a third party for WCAG 2.0 AA accessibility. We adhere to the Americans with Disabilities Act, and a 508c VPAT is available.

Sustainability

Sustainability

Realizeit has been assessed for compliance with environmental standards, labor and human rights practices, ethics, and sustainable procurement, receiving a bronze sustainability rating from EcoVadis.

Want even more details?

Check out our Privacy Policy which outlines what data we collect, how we store it and all the comprehensive ways we’re working to protect privileged information.

Ready to learn more?
Get in touch with us