Trust & security
Your data and certifications are protected
Security, privacy, and reliability are foundational to Certified Training. We invest in secure infrastructure and document our controls so you can review them.
Our teams maintain encryption in transit and at rest, continuous monitoring, and a control framework modeled on SOC 2, GDPR, and PCI-DSS principles.
Last updated: Feb 1, 2026 · Contact security@certified-training.org for security inquiries.
Security program highlights
- SOC 2 Type II audit in progress
- Privacy program built around GDPR and CCPA principles
- Payments processed through PCI-DSS compliant providers
Security practices
Our controls cover encryption, monitoring, and least-privilege access.
We pair automated detection with quarterly penetration tests, employee security training, and a third-party risk review program before integrating new vendors.
- Data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Quarterly penetration tests and continuous security monitoring
- Role-based access control with just-in-time privilege elevation
- Automated vulnerability scanning in our CI/CD pipeline
Uptime & resilience
99.95%
Redundant hosting across multiple regions with 15-minute recovery point objectives and automated failover.
- Backups run hourly with 30-day retention and quarterly restore drills.
- Disaster recovery plans include clean-room rebuilds to handle region-wide outages.
- 24/7 on-call team and status page updates for transparency.
We publish uptime data and scheduled maintenance windows on the status dashboard and notify partners in advance.
Responsible disclosure
Report security vulnerabilities to security@certifiedtraining.org with reproduction steps, scope, and potential impact. We respond within three business days, coordinate mitigation, and credit collaborators when appropriate.
This is not a bounty program; we welcome collaborative reporting and promise not to pursue legal action for good-faith disclosures.