Logo for eMentorConnect, creator of Mentoring Software

Platform Security

eMentorConnect®’s Platform has multiple layers of security built in across all layers of the application stack to ensure protection of materials, files, user data, and personally identifiable information. The most critical are described below. Please email security@ementorconnect.com with any security related questions.

Dedicated Hosting through AWS

eMentorConnect® web servers and databases are hosted through AWS, a leader in cloud-hosting security. Every eMentorConnect® client enjoys the security benefits provided by AWS, including compliance with global standards such as ISO 27001 and SOC 2.

Secure Connections with SSL/TLS

The data transmitted from eMentorConnect® servers to end-user browsers is encrypted over an HTTPS connection, secured via a 2048-bit, RSA encrypted SSL certificate using the TLS 1.2 protocol. Sensitive information, such as user passwords, employee IDs, etc. are not transmitted to the client application.

Vulnerability Scanning And Penetration Testing

Regular scans for vulnerabilities are performed on all client environments. eMentorConnect® also performs regular application and network penetration tests. Upon request clients may also perform their own penetration tests.

Redundant, Independent Environments

Each client environment is redundant, so if a failure ever occurs a redundant environment will ensure the user’s experience isn’t interrupted. Client environments are also independent, creating another layer of security between environments.

End-To-End Encryption

Data transferred from the eMentorConnect® web application is always encrypted in transit. At tenant’s request, the data stored in the tenant databases may be optionally encrypted at rest.

Personally Identifiable Information (PII)

Though program admins can create any number of custom profile fields, the only user information required by eMentorConnect® is the user’s name and email address. All client data housed within eMentorConnect® systems is considered restricted. This data is only available to eMentorConnect® and the client.

Backups

All client databases have snapshots that are automatically taken on a daily basis. Snapshots are retained by AWS for 30 days. Additionally, manual snapshots can be generated by eMentorConnect® at any time.

Password Security

User’s passwords are never transmitted or stored in plaintext. Instead, a password entered by an end-user is run through a SHA-2 Cryptographic Hash Function 5 before it is sent from the browser to the server.

GDPR Compliant

Every eMentorConnect® is GDPR compliant and ready for international use. For more information please read this blog post about GDPR.

Flexible Hosting Regions

Global clients have the option choose the AWS hosting region for their tools.

gdpr

Hosting

Dedicated Hosting through AWS

eMentorConnect® web servers and databases are hosted through AWS, a leader in cloud-hosting security. Every eMentorConnect® client enjoys the security benefits provided by AWS, including compliance with global standards such as ISO 27001 and SOC 2.

Secure Connections with SSL/TLS

The data transmitted from eMentorConnect® servers to end-user browsers is encrypted over an HTTPS connection, secured via a 2048-bit, RSA encrypted SSL certificate using the TLS 1.2 protocol. Sensitive information, such as user passwords, employee IDs, etc. are not transmitted to the client application.

Vulnerability Scanning And Penetration Testing

Regular scans for vulnerabilities are performed on all client environments. eMentorConnect® also performs regular application and network penetration tests. Upon request clients may also perform their own penetration tests.

Redundant, Independent Environments

Each client environment is redundant, so if a failure ever occurs a redundant environment will ensure the user’s experience isn’t interrupted. Client environments are also independent, creating another layer of security between environments.

Data & Privacy

End-To-End Encryption

Data transferred from the eMentorConnect® web application is always encrypted in transit. At tenant’s request, the data stored in the tenant databases may be optionally encrypted at rest.

Personally Identifiable Information (PII)

Though program admins can create any number of custom profile fields, the only user information required by eMentorConnect® is the user’s name and email address. All client data housed within eMentorConnect® systems is considered restricted. This data is only available to eMentorConnect® and the client.

Backups

All client databases have snapshots that are automatically taken on a daily basis. Snapshots are retained by AWS for 30 days. Additionally, manual snapshots can be generated by eMentorConnect® at any time.

Password Security

User’s passwords are never transmitted or stored in plaintext. Instead, a password entered by an end-user is run through a SHA-2 Cryptographic Hash Function 5 before it is sent from the browser to the server.

Global Compliance

GDPR Compliant

Every eMentorConnect® is GDPR compliant and ready for international use. For more information please read this blog post about GDPR.

Flexible Hosting Regions

Global clients have the option choose the AWS hosting region for their tools.

Trusted By
Trusted By