Data is encrypted in transit and at rest using industry standard protocols (TLS/SSL for data in transit, and AES256 for data at rest).
We store your data in the cloud with Amazon Web Services (AWS), which has strong controls placed on data centre security. Yarno employees are trained in security best practices, and can only access data they need to do their job.
Permissions and account security
Yarno allows customers to assign different roles to administer training, manage teams or groups, or access learning. SSO and MFA options are available for customers to secure their accounts.
Secure development and releases
Security is considered at all stages of our software development. Yarno code releases are peer reviewed and tested prior to release, including both manual and automated checks. We review updates in development and staging environments prior to release to production.
Monitoring and resiliency
Centralised logging, metrics and alerts are used to monitor for security and system events and automatically alert our team if required. We also conduct a third party penetration test at least once per year to proactively detect any vulnerabilities in our platform or security systems.
Frequently asked questions
What cyber security standards does Yarno follow?
Yarno has detailed security policies and controls in place, which have been externally audited by AssuranceLab and received SOC 2 Type 2 accreditation.
This blog post describes our journey to SOC 2 Type 2 in detail.
Where do you store my data?
We store data in the cloud on Amazon Web Services (AWS). Yarno’s AWS servers are located across multiple availability zones in Australia. AWS takes on a shared responsibility in some aspects of the system's security, such as the physical security of data centres. More information can be found here about AWS's controls to keep its data centres secure.
Who can I speak to if I want to learn more or have a security concern?
You can email firstname.lastname@example.org, and we will get back to you as soon as we can.