Security Statement

This Security Statement is aimed at being transparent about our security infrastructure and practices, to help reassure you that your data is appropriately protected

IACE make it a priority to take our users’ security and privacy seriously. We strive to ensure that user data is kept securely, and that we collect only as much personal data as is required to provide our services in the most efficient and effective manner

Application / User security


Where appropriate, all network communications take place via SSL (Secure Sockets Layer). SSL is a standard security technology for establishing an encrypted link between a server and a client (typically a website and a browser; or a mail server and a mail client)

User Authentication

  • User data on our database(s) are logically segregated with strict access control rules in place
  • User accounts have a unique username/password combination, which must be entered each time a user accesses the systems
  • We issue a session cookie to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user, or any personal information
  • 'session limitation', is enforced to ensure that one account can only be accessed from one machine at any given time
  • Our systems contain a lock-out policy which freezes access to accounts with a specific number of failed login attempts within a time frame

User Passwords

User passwords are independently configured by new users to each system. The passwords are individually salted and hashed in our secure databases

Data Encryption

Any sensitive information which is stored, such as credit-card data, is stored in a secure encrypted format

Data Portability

Wherever possible, our e-learning initiatives ensure SCORM compliance, allowing user-data to be exported in an industry standard format


We have a comprehensive privacy policy available for download at: url

Physical Security

Data Centres

We host our servers externally at premier datacenter facilities, for example: Equinix, Telx, and Telecity. Each site is staffed 24/7/365 with onsite security and to protect against unauthorised entry


Our servers are located where appropriate to conform with data-protection laws, and to ensure optimal performance. Locations include New York, Amsterdam, San Francisco, Singapore, and London


Servers have redundant internal and external power supplies


Continuous uptime monitoring at multiple levels, with immediate escalation to IACE staff for any downtime


Our database(s) is are automatically synchronised to standby servers

Network Security


Firewall restricts access to all ports except 80 (http) and 443 (https)


Latest security patches are applied to all operating system and application files to mitigate newly discovered vulnerabilities

Access Control

SSH authentication, and role-based access is enforced for systems management

Logging and Auditing

Central logging systems capture and archive all internal systems access including any failed authentication attempts

Storage Security

Backup Frequency

Backups occur at various intervals across multiple systems to secure backup servers


All servers run hardware RAID Redundancy level 5

Organisational & Administrative Security


Access controls to sensitive data in our databases, systems and environments are set on a need-to-know / least privilege necessary basis

Software Development Practices

Our developers use best practices and industry-standard secure coding guidelines to ensure secure coding