Skills ReNEW cares deeply about the security and privacy of the data you entrust us with, and we understand that our information security practices are important to you. While we can’t reveal all the details of our practices, we feel it’s important to be as transparent as possible without giving a playbook to the people we’re protecting ourselves against. Below you will find some general information about how we implement our security and privacy safeguards.

Skills ReNEW employs a range of technical security measures to protect its systems, including:

• Servers and network traffic are monitored by industry-standard tools to detect and respond to any potential security breaches.
• Skills ReNEW runs on Google Cloud Platform (GCP) infrastructure, using best-in-class instrumentation tools that continuously monitor the infrastructure to detect signs of a potential compromise.
• TLS encryption is part of the standard security architecture at Skills ReNEW. Core transport services require encryption, such as SSH or HTTPS, to exchange information.
• Encryption technology is used to provide security for online user authentication and administrator sessions.
• Remote data access to production environments or our internal staff application requires a link to the company’s intranet or a connection via a VPN which is subject to a dual authentication mechanism.
• Changes to the infrastructure and back-end environment, including changes to security tools, follow a Software Development Lifecycle (SDLC) that defines coding and release processes.
• All committed code changes are reviewed by an individual that is different than the developer and are tested prior to commit to production.
• To prevent unauthorized access, Skills ReNEW uses unified identity management, two-factor authentication, strong passwords, and periodic reviews of access lists to ensure that data is used only as intended.
• Authorized access to internal support tools is controlled by means of a VPN, in addition to a user system requiring a unique, long password.
• All employees that have access to live production infrastructure and applications are required to authenticate with two-factor authentication.
• Unique personnel IDs are used to authenticate to systems.
• Passwords are configured to enforce password length and complexity.
• Login history and failures are tracked.
• Skills ReNEW takes the following actions to ensure that the parties authorized to use a data processing system only have access to the data for which they have been specifically cleared, and that stored data or data being processed cannot be read, copied, changed or removed:
  • Authorization for Skills ReNEW services and internal applications is enforced at all times and at all levels of a given system, with access rights being granted or processed on the basis of the personnel member’s job responsibilities / need-to-know, which is provided via workflow tools.
  • Access to production systems is restricted to trained and specifically authorized personnel members. Such access is revoked in the event of an individual’s dismissal or termination of employment. All members of the team with access to production systems may access production solely behind a two-factor authenticated session.
  • Skills ReNEW uses a centralized logging system. Access to the logging system is restricted to authorized personnel and the logs are protected from modification and deletion from non-admin personnel.

• Strict policies are in place to address and limit access to our systems. For certain data access tools, tool owners authorize the nature and extent of access privileges prior to granting access. The procedures for requesting and generating certificates to access data for development and production are documented.
• Skills ReNEW employees are required to complete security training as part of their onboarding.
• Skills ReNEW’s engineering team conducts company-wide security awareness activities to reinforce information security practices and policies.
• Skills ReNEW has in place a security incident response process to respond to security issues and concerns.

Among other measures, Skills ReNEW takes the following actions to prevent unauthorized access to personal information:

• Physical access to Skills ReNEW’s facilities is restricted behind keycard access and our building is monitored 24/7.
• All individuals must identify themselves to security personnel in order to be admitted to the Skills ReNEW offices during business hours and must have a valid employee badge to access outside of business hours.
• There are documented processes in place for the issuance of Skills ReNEW building access badges; the possession as well as the return of such badges is tracked and verified
• Only authorized Skills ReNEW visitors and building staff are granted access to the premise

If you come across a vulnerability in the Skills ReNEW Platform, please email to support@ulavitech.com instead of sharing it publicly. Skills ReNEW takes proactive steps to stay ahead of emerging security threats, and appreciates your cooperation in maintaining the security of our Platform.

If you believe the security of your account has been compromised or are seeing suspicious activity in your account, you should change your password immediately and contact support@ulavitech.com with any concerns.