Data Security Policy
Any data collected by Learning for Action is stored and shared within a secured SharePoint environment, access is restricted to authorized team members.
Multi-Factor Authentication enhances account security for LFA users accessing the SharePoint site, requiring multiple forms of verification.
All user workstations are equipped with BitLocker encryption, centrally managed for consistent security.
Deployment of up-to-date and active firewall technology safeguards against unauthorized access.
Comprehensive anti-virus software is installed across all computing devices to detect and neutralize threats.
An automated Patch Management system regularly updates software, fortifying the network with an Intrusion Detection and Prevention System.
Multi-factor authentication is implemented for remote email access, adding an extra layer of security.
Remote network access is strictly limited to VPN use, ensuring a secure connection.
Robust backup and recovery procedures for critical business and customer data is in place, minimizing the risk of data loss.
Network security assessments are performed annually to identify and mitigate potential vulnerabilities.
Continuous Log Monitoring provides a systematic approach to storing and reviewing network and security logs.
LFA staff are continually trained on security awareness and simulated phishing.
LFA has established protocols to revoke user access promptly as part of the employee exit procedure.
SMS Privacy Policy
LFA SMS Program Privacy Policy: This program is intended to provide those clients and partners who elect to participate with timely reminders and time-sensitive notices where appropriate.
Our SMS Recipients can expect the following types of messages:
Reminders: SMS may be used to send reminders to Clients or Partners who have requested text reminders about appointments.
Cancellation/Rescheduling Notices: SMS may be used where there is a last-minute need to cancel or reschedule an existing meeting in close proximity to the meeting start time where the client has requested such texts.
Opt-In: SMS may be used to send messages to Clients or Partners who have opted in to receiving messages.
Our SMS Program will gather and keep confidential the following information from our Clients and Partners.
Confidential Data: full name, time zone, phone number, email address.
Our SMS Program will collect personal data in the following way
Clients and Partners will be asked to opt-in to the SMS program on a phone-call or via email with an LFA employee, once they have provided necessary information and opted-in they will receive a text message to confirm subscription. That message will include the following information: Messaging and data charges may apply. To opt out at any time reply STOP; replying HELP provides more information. Other information includes privacy best practices, ways to receive written information, and a phone number is provided for questions.
The Confidential Personal Data will only ever be used to participate in the SMS Program as delineated above.
The data gathered will be kept confidential via the following process:
The confidential data will be stored in a password protected Excel file or List on SharePoint
Third-Party Disclosures of Confidential Data: We do not share personal data with third parties.
To correct, verify, change, or remove personal information, contact LFA at info@learningforaction.com or (415) 392.2850.
Microsoft Forms Privacy Statement
Any data collected by Learning for Action via Microsoft Forms is stored in a secured SharePoint site within LFA’s Office 365 Tenant. The sharing of this data will be restricted to applicable internal users only.
LFA has the following measures in place to protect sensitive data:
Up-to-date, active firewall technology
Anti-virus software on all computers, networks, and mobile devices
An automated process in place to regularly download, test, and install patches, including an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)
Multi-factor authentication for remote access to email
Remote access to the network is limited to VPN
Backup and recovery procedures are in place for all important business and customer data
Annual network security assessments
Systematic storage and monitoring of network and security logs
Procedures in place to terminate user access rights as part of the employee exit process.