Security at Yarno
The security of our platform, solutions and services is a top priority for Yarno. We recognise the trust that our customers place in us to keep their data safe and secure, and we take that responsibility seriously.
SOC 2 Type 2
Yarno is continuously audited against Service Organisation Control (SOC) 2 Type 2 by auditors AssuranceLab. We use Drata, a continuous compliance platform, to manage and monitor SOC 2 Type 2 controls, policies, and vendors.
SOC is a global reporting standard developed by AICPA. Service organisations use it to report on their operational and information security policies and procedures.
Encryption
Data is encrypted in transit and at rest using industry standard protocols (TLS/SSL for data in transit, and AES256 for data at rest).
Data security
We store your data in the cloud with Amazon Web Services (AWS), which has strong controls on data centre security. Yarno employees are trained in security best practices and can only access data they need to do their job (principle of least privilege).
Permissions and account security
Yarno allows customers to assign different roles to administer training, manage teams or groups, or access learning. Single Sign On (SSO) and Multi-Factor Authentication (MFA) options are available to secure customers' accounts.
Secure development and releases
Security is considered at all stages of our software development. Yarno code releases are peer reviewed and tested prior to release, including both manual and automated checks. We review updates in development and staging environments prior to release to production.
Monitoring and resiliency
Centralised logging, metrics and alerts are used to monitor for security and system events and automatically alert our team if required. We also conduct a third party penetration test at least once per year to proactively detect any vulnerabilities in our platform or security systems.
Frequently asked questions
What cyber security standards does Yarno follow?
Yarno has detailed security policies and controls in place, which have been externally audited by AssuranceLab and received SOC 2 Type 2 accreditation.
This blog post describes our journey to SOC 2 Type 2 in detail.
Where do you store my data?
We store data in the cloud on Amazon Web Services (AWS). Yarno’s AWS servers are located across multiple availability zones in Australia. AWS shares responsibility for some aspects of the system's security, such as the physical security of data centres. More information about AWS's controls to keep its data centres secure can be found here.
Where can I find Yarno’s Privacy Policy and Terms of Use?
You can find our Privacy Policy here, and our Terms of Use here.
Who can I speak to if I want to learn more or have a security concern?
You can email security@yarno.com.au.
