Location‍

Amazon stores data over several large-scale data centers around the world. Most specifically, we use the AWS Canada (central) Region to host all client data and operating codebase. We use Canada’s data centers to comply with PIPEDA requirements. While we have not been required to comply with other country laws, we’ve chosen Amazon as our main service provider since they have data centers around the world, thus enabling us to operate and likely comply with other laws as required.

Physical Security‍

We rely on Amazon’s AWS military grade perimeter control berms, video surveillance, and professional security staff to keep data centers physically secure. You can read more information about Amazon’s Web Services  Overview of Security here.

Code Platform Information

Software Security‍

We use RSA 2048 bits (SHA256withRSA) SSL Certificates to encrypt web traffic between clients and the server as well as server to server data communications.

Our codebase is installed across 5 server instances, set within a secure private zone. Which means that they are not shared with other customers within the AWS environment. Data communications within each server are encrypted to prevent “man in the middle” attacks.

Additionally, we use load balancers with built-in firewalls used to manage traffic loads and prevent Distributed Denial of Service (DDoS) attacks, Man in the Middle (MITM) attacks, and packet sniffing.

Data Backups‍

Client and codebase data are backed up on an hourly basis on a separate storage location than the operating servers. We store and hold encrypted data backups for 30 days. In the event of catastrophic failure, we can restore data and codebase within minutes, thus minimizing the risk of loss.

Data Protection Measures‍

We have implemented new security and data handling methodologies meant to isolate and protect the transfer of data between clients and HELIS whereby clients do not have to send unsecured student data over email and other open channels. We enforce this procedure in our interactions and dealings with all clients and their staff.

Once the data is received by us, we store it within secure servers and only used by approved HELIS staff. We do not make use of overseas contractors and we do not provide access to the data to outside contractors. All staff who have access to the data are located in Calgary, Alberta and are HELIS Staff.

Local Security Measures‍

Our equipment is continuously scanned for viruses and malicious scripts. We use password encryption software for every password we use. Most importantly we audit all software services and applications that we use to keep our operations and client data secure.