
Acorn PLMS Compliance Commitment

Opting for performance and learning software that aligns with crucial compliance standards is vital for maintaining your organization’s security. That’s why we go the extra mile to establish safeguards, ensuring your organization’s protection.

1

Infosec Registered Assessors Program (IRAP)

To ensure the highest standards of information security, both Acorn and the AWS infrastructure have undergone thorough third-party IRAP (Information Security Registered Assessors Program) assessments. These assessments are designed to evaluate and validate the effectiveness of our security measures, ensuring that we adhere to industry best practices and meet the stringent requirements necessary to safeguard sensitive data.

2

Data Protection and Encryption

Acorn has implemented Amazon Web Services (AWS) Key Management Service (KMS) as our preferred encryption and key management solution. AWS KMS encrypts data at rest and in transit using our Customer Master Key (CMK). AWS KMS allows Acorn to enforce strict key access policies and regular key rotation. All web connections to the application are encrypted using Transport Layer Security (TLS), which ensures that the data exchanged between systems and networks is secure.

3

Data Center Security

Acorn is housed in a Tier 1 data centre that is managed by Cloud Service Provider (CSP) Amazon Web Services (AWS). Acorn examines AWS’s ISO 27001 scope and SOC2 reports annually to make sure security procedures are aligned with our internal protocols.

4

GDPR Compliance

Acorn’s internal data processing practices and policies are continuously examined and enhanced in accordance with the fundamental tenets of international privacy legislation.

5

WCAG 2.0

Acorn is committed to accessibility for all and follows the Web Content Accessibility Guidelines (WCAG 2.0). WCAG 2.0 is a standard that ensures products and services are thoughtfully designed to cater to individuals with disabilities. Our dedication to accessibility means that everyone can interact with our software effortlessly, making the digital world more accessible and user-friendly.

6

Business Continuity

Acorn’s Business Continuity and Disaster Recovery Plan considers a broad variety of events that could impact our platform availability. Our protocols for handling security incidents and data breaches ensure that any problems are resolved promptly and effectively. Our main priorities are functionality and uptime, and Acorn has consistently averaged 99.99% uptime in the past.

7

Third Party Disclosure

Our third party service providers must adhere to Acorn’s rules and procedures. Acorn abides by the standards of client data confidentiality and does not sell or trade customer information to third parties.

8

AWS ‘Well Architected’ Review

Acorn contracted an external AWS auditor to conduct an ‘AWS Well Architected Review’. This has been completed and recommended remediation has been addressed.

9

Data Regions

The AWS regions we currently host in are Australia (Sydney), East US (Northern Virginia), Europe (London), and Canada (Central).

10

SOC 2 Type I

As a further form of due diligence, Acorn has embarked on a SOC2 Type I compliance audit. The results of this audit will be available upon request in the near future.

11

Voluntary Product Accessibility Template (VPAT)

Acorn has completed the VPAT to outline the accessibility of our products against Section 508 standards. The document can be made available upon request.

Further information

For our full security, privacy, and compliance information, get in touch via the box below.
