Your training data is critical. We protect it with the same standards trusted by banks, energy companies, and government agencies across the region.
Audited controls for security, availability, and confidentiality
Full compliance with EU data protection regulation
Information security management system certification
From encryption to incident response, every layer of Tristar Academy is built with security first.
All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Database fields containing PII use additional field-level encryption. Encryption keys are rotated regularly and managed through a dedicated key management service.
Role-based access control (RBAC) with granular permissions at the organisation, department, and user level. Multi-factor authentication (MFA) available for all accounts. Session management with automatic timeouts and concurrent session limits.
Hosted on enterprise-grade infrastructure with DDoS protection via Cloudflare. Network segmentation, firewall rules, and intrusion detection systems protect all services. Regular vulnerability scanning and automated patching.
Tristar Academy maintains compliance with SOC 2 Type II, GDPR, and ISO 27001 standards. Regular third-party audits validate our security posture. Detailed audit logs track all system access and data changes.
For organisations in the Middle East and North Africa, we offer data residency within the region. Your data stays in MENA-region data centres, meeting local regulatory requirements for data sovereignty and localisation.
A dedicated incident response plan with defined escalation procedures ensures rapid detection and containment. Affected customers are notified within 72 hours per GDPR requirements. Post-incident reviews drive continuous improvement.
Annual third-party penetration testing by certified security firms. Continuous automated vulnerability scanning of application code and dependencies. Responsible disclosure programme for external security researchers.
Comprehensive audit trails for all user actions, admin changes, and system events. Logs are immutable, retained for 12 months, and available for export. Real-time monitoring with automated alerting for suspicious activity.
Our team is ready to discuss your organisation's security requirements and compliance needs.