Security
You can feel confident that your employee data is safe while working with Learned.
We are operating from The Netherlands and our data is stored according to the highest standard for security regulations in Germany on the Google Cloud Platform. Learned is also ISO27001 certified, AVG compliant and a penetration test is performed once a year on the platform.
General information
ISO27001
Learned is ISO27001 certified by TUV Netherlands. The ISO certificate and declaration of applicability are available upon request.
AVG/GDPR compliant
Learned is GDPR compliant. Our data and server is stored in Germany at Google Cloud. More information can be found in our SLA and Data Processing Agreement.
99.99% uptime
The Learned platform is almost always available. Any updates are performed outside working hours.
“Learned’s Customer Success Team is always super accessible and easy to reach. When I need support, they help me right away.”
Sophie, HR manager Proxsys
Security
Communication
All communication with Learned (via chat or email) is always encrypted with the latest version of TLS.
Learned infrastructure
The data is stored at Google Cloud in Germany with a MongoDB database. See our Data Processing Agreement for more information about our IT landscape.
Encryption
TLS and authentication (SCRAM) are a standard part of Google Cloud. Data sent to the database (in transit) is encrypted using TLS. Encryption for data in rest is automated using Google Cloud Platform transparent disk encryption, which uses Advanced Encryption Standards (AES-256).
Single-Sign-On (SSO)
Logging in has never been easier with SSO from Microsoft Azure and Google.
(Forced) MFA
Additional verification is possible with MFA. Can also be made mandatory company-wide.
Authorization, Rights and Roles
Authorization can be set up manually or automatically through integration with the personnel administration system.
Need to know
Back-ups
Backups are automatically stored with Google Cloud. Per-minute backups (for point-in-time restore) can be restored. Backups are kept up to 7 days back and are stored encrypted.
Pen test
At least once a year, an external party performs a pen test on the Learned platform.
Security awareness
All employees must complete a training course on information security. Additional training is also organized several times a year.
Incidents
All information incidents are logged. Based on urgency and impact, incidents are resolved. See our SLA for more information.
Support
All users can chat in real-time with our support team for questions and/or incidents. See our SLA for more information.
Data export
Customers can always export their data from the platform without Learned’s intervention. For this, they can use CSV or PDF exports. Part of the SLA is an exit procedure.