🟢End-to-End Data Encryption. All sensitive data is encrypted in transit using TLS 1.2+ and at rest using AES-256. For additional protection, application-level encryption is applied to critical fields.
🟢Secure Data Transmission. All data transmitted over public networks is encrypted using industry-standard protocols to prevent interception and unauthorized access.
Secure Authentication and Access Control
🟢Single Sign-On (SSO) Support. BeSavvy supports secure SSO authentication via Google and Azure, reducing the risk of credential-based attacks and ensuring seamless access management.
🟢Multi-Factor Authentication (MFA). We enforce MFA for employees and authorized users accessing sensitive systems to prevent unauthorized access.
🟢Role-Based Access Control (RBAC). Access to platform resources is restricted based on user roles (Admin, Course Author, Mentor) with granular permission levels (Edit, Comment).
🟢Session and Token Security. We use secure session management, including token expiration policies and refresh token rotation, to minimize security risks.
Privacy Protection & Compliance
🟢Data Minimization Approach. We collect and process only the data necessary for platform functionality, ensuring users' privacy is respected.
🟢GDPR & UK GDPR Compliance. Our data protection policies align with GDPR principles, including user rights to access, modify, and delete their data.
🟢Regular Compliance Audits. We conduct internal audits and gap analyses to ensure ongoing adherence to privacy regulations.
Regular Security Audits & Testing
🟢Signed Data Breach Response Plan. BeSavvy has officially approved and implemented a Data Breach Response Plan, outlining clear procedures for incident detection, response, and regulatory reporting. This plan is signed and in full compliance with UK GDPR requirements.
🟢Routine Vulnerability Assessments. BeSavvy conducts periodic security audits, penetration testing, and code reviews to identify and mitigate vulnerabilities.
🟢Automated Threat Detection. Continuous security monitoring helps us detect and respond to unusual activity in real time.
Data Backup and Disaster Recovery
🟢Automated, Encrypted Backups. We maintain regular automated backups stored securely with AES-256 encryption to prevent data loss.
🟢Disaster Recovery Plan (DRP). A documented response strategy ensures quick data restoration and business continuity in case of incidents.
🟢Redundancy & Failover Systems. We deploy failover mechanisms to prevent downtime and ensure high availability of services.
User Control & Transparency
🟢User Account & Data Management. Users have full control over their accounts, including access to data deletion and modification options.
🟡Privacy Dashboard (Upcoming). We are developing user dashboards to allow better control over data visibility and preferences.
🟢Transparent Privacy & Terms. Our Privacy Policy and Terms of Service clearly outline data collection, usage, and security practices.
Compliance with Industry Standards
🟡Security Framework Alignment. Our security measures follow best practices outlined in ISO 27001 and NIST frameworks.
🟡Ongoing Compliance Roadmap. We are implementing structured plans to meet cybersecurity certification requirements, including Cyber Essentials and ISO 27001.
🔴Third-Party Certification. We plan to work with certified auditors to validate compliance with global security standards.
Commitment to Ongoing Improvement
🟢Adaptive Security Strategies. BeSavvy evolves its security measures in response to emerging cyber threats and industry advancements.
🟢Continuous Security Enhancements. We implement improvements based on the latest research, best practices, and regulatory changes.