Security Policy

This Policy makes clear how e-Learn Design secures your data. By contracting with e-Learn Design, you acknowledge that your data will be managed in accordance with this Policy.

All e-Learn Design primary servers are located in data centres in London provided by OVH. These data centres are staffed 24/7 and controlled by badge access, with security provided by video surveillance and on-site security guards. OVH is certified ISO 27001:2005 for providing and operating dedicated cloud computing infrastructures and is based on the ISO 27002 and ISO 27005 security management and risk assessment norms and associated processes. All physical hardware is PCI DSS compliant and bears the BSI Kitemark.

All e-Learn Design secondary servers are located in Frankfurt, also provided by OVH with the same security and certifications/compliances as for London. These data centres are designated for DR and BCP purposes unless otherwise requested by a client.

Each server is built to e-Learn Design specifications, designed specifically for hosting the Moodle/IOMAD application using Ubuntu Server and MariaDB. Each server has its own individual firewall and Intrusion Detection Software (IDS). IDS software is also running on the OVH infrastructure, automatically performing quarantine actions during any suspect network traffic to prevent further unwanted traffic. e-Learn Design agents use a secure password database with two-form factor authentication (2FA) to access account details for servers and sites.

e-Learn Design monitor all internal and Client servers using Nagios and Munin to provide 24/7 alerts on emerging or critical issues such as filesystems filling up, high server load, or issues with web connections.

e-Learn Design servers are built upon a VMWare ESX Cluster, which has redundant physical servers backed by redundant SAN-based disks. This infrastructure is designed to continue to run in the event of any physical hardware failure in a server, disk or network.

All e-Learn Design servers are backed up to an encrypted offsite location nightly. Backups are kept for 30 days. An encrypted copy of the Moodle/IOMAD application files is synced nightly to a different offsite location to allow for a quicker copy of the last backup to the server in case of site failure.