Knowledge Hub security
Where is Knowledge Hub hosted and how is its security managed?
Knowledge Hub is hosted across several secure cloud hosting facilities situated within the UK. These facilities are provided and managed by Amazon Web Services (AWS), with the virtual infrastructure supported by Rackspace, via a fully managed service from our partner PFI Knowledge Solutions Limited (PFIKS). AWS, Rackspace and PFIKS are ISO/IEC 27001 certified suppliers.
How is Knowledge Hub protected against threats to cyber security?
The Knowledge Hub uses the HTTPS protocol (TLS 1.2) providing a secure and encrypted connection for end users (256 bit). All Knowledge Hub data is protected at rest through enterprise grade encryption (AES-256), hosted on a cloud platform designed with information security as a top priority.
Access to the underlying data centres is limited to authorised supplier and contracted third-party personnel and is monitored 24 hours a day, seven days a week through closed circuit video surveillance and requires identification for access.
The Knowledge Hub uses ClamAV® an open source antivirus engine for detecting trojans, viruses, malware and other malicious threats when content is uploaded to the Knowledge Hub.
Knowledge Hub’s underlying software, Liferay, is regularly penetration tested and verified by Veracode. The Knowledge Hub platform as a whole is regularly penetration tested by an independent CHECK service provider.
How often is data backed-up?
Data is backed up multiple times daily, with backups stored across three physical locations within the UK. The recovery time objective for the service is 4 hours and the recovery point objective is 24 hours.
What is Knowledge Hub’s staff security protocol?
As owners and operators of the Knowledge Hub, our staff require access to all data across the site including members’ profile information, all public content items and content within all types of group. This site-wide access is essential to:
investigate and fix any errors with group or network functions;
investigate and fix any errors relating to an individual’s profile information or log in details;
investigate any issues relating to items of content that may be flagged by members;
identify and remove any spam content in public areas of the site.
Knowledge Hub staff members recognise that trust is one of the most important elements of a successful online community. We understand that members will only want to participate if they feel comfortable in the online environment. Knowledge Hub staff will not access or use your network/group content or private profile data for their own purposes, or any other reason, except:
in any of the above circumstances listed above, where some intervention is required to investigate and/or fix a problem;
if we are asked by you to carry out a task or investigate a problem.
What additional physical security is in place?
All staff laptops, phones and other electronic equipment used to access Knowledge Hub are regularly updated with the latest software applications and internet browsers. In addition, all equipment is password protected and kept securely at all times.
How can members keep their Knowledge Hub account secure?
Every individual registered on Knowledge Hub has their own password to access their account and may set their own profile privacy settings to a level of visibility, with which they feel comfortable.
Based on member feedback, Knowledge Hub does not have a password change policy, but we do have the ability to enforce a password change policy across the platform should it be required.
Some of our members and clients choose to use an external identity provider to log in, for example, the ‘sign in with Google’ option. We suggest you also read the privacy and security information of any third party provider you choose to use in this way.
However you choose to log in, please do not share your personal password with anyone else and ensure you have checked your privacy settings.