Security

Confidentiality, resilience and protection of data are at the core of our work, from how we configure our learning platforms and develop scenarios, to how we screen our roleplayers, manage projects and handle backups.

  • Our products are security-tested regularly as part of our Cyber Essentials Plus certification (see below)
  • Our hardened infrastructure is managed directly by our team and located in trusted ISO27001-certified datacentres in the UK and France, with 24/7 automated monitoring
  • While our technology is highly reliable, for our live crisis workshops and simulations, we have live failover servers on standby at all times
  • Participants access our products over an encrypted connection (HTTPS/TLS) using a regular laptop, tablet or mobile device and a modern web browser – no special plugins are required
  • We decommission client platforms shortly after each workshop or exercise so they are no longer accessible over the internet and the data is either deleted completely or encrypted and stored securely according to client preferences.

Our Cyber Essentials Plus certification

Cyber Essentials Plus

Sector: Professional, scientific and technical
Certificate number: IASME-CE-016961
Certificate level: Cyber Essentials
Date issued: 23/04/20
Certification Body: IASME

Cyber Essentials (CE) is a UK Government-backed, industry-supported scheme for organisations to independently audit their preparedness for online threats.

Cyber Essentials is required for all Government contracts involving handling personal or sensitive information. There are 2 levels, Cyber Essentials and Cyber Essentials Plus. Helpful have held continuous certification since 2017, and Cyber Essentials Plus since 2019.

Achieving certification entails internal and external vulnerability assessment of both processes and implementations. In particular, the Cyber Essentials Plus level includes a technical audit of the systems, including a representative set of user devices, all internet gateways and all servers with services accessible to unauthenticated internet users.

Analysis is split into the following broad areas:

  • boundary security
  • secure device configuration
  • access control
  • malware protection
  • patch management