Data Security Policy

• Any data collected by Learning for Action is stored and shared within a secured SharePoint environment, access is restricted to authorized team members.

• Multi-Factor Authentication enhances account security for LFA users accessing the SharePoint site, requiring multiple forms of verification.

• All user workstations are equipped with BitLocker encryption, centrally managed for consistent security.

• Deployment of up-to-date and active firewall technology safeguards against unauthorized access.

• Comprehensive anti-virus software is installed across all computing devices to detect and neutralize threats.

• An automated Patch Management system regularly updates software, fortifying the network with an Intrusion Detection and Prevention System.

• Multi-factor authentication is implemented for remote email access, adding an extra layer of security.

• Remote network access is strictly limited to VPN use, ensuring a secure connection.

• Robust backup and recovery procedures for critical business and customer data is in place, minimizing the risk of data loss.

• Network security assessments are performed annually to identify and mitigate potential vulnerabilities.

• Continuous Log Monitoring provides a systematic approach to storing and reviewing network and security logs.

• LFA staff are continually trained on security awareness and simulated phishing.

• LFA has established protocols to revoke user access promptly as part of the employee exit procedure.

SMS Privacy Policy

LFA SMS Program Privacy Policy: This program is intended to provide those clients and partners who elect to participate with timely reminders and time-sensitive notices where appropriate.  

•  Our SMS Recipients can expect the following two types of messages.  

• Reminders: 

• SMS may be used to send reminders to clients who have requested text reminders about appointments. 

• Cancellation/Rescheduling Notices: 

• SMS may be used where there is a last-minute need to cancel or reschedule an existing meeting in close proximity to the meeting start time where the client has requested such texts. 

• Our SMS Program will gather and keep confidential the following information from our Clients and Partners. 

• Confidential Data: Full Name, time zone, phone number, email address.  

• Our SMS Program will collect personal data in the following way 

• Clients and Partners will be asked to opt-in to the SMS program on a phone-call with an LFA employee, once they have provided necessary information and opted-in they will receive a text message to confirm subscription. 

• While on the phone with the user, we ask them to confirm if they wish to receive additional information via SMS. If the user agrees, the information is sent. We do remind them that messaging and data charges may apply and that they can opt-out at any time by replying STOP and that HELP provides them more information. We notify them of privacy best practices. If they want written information, we offer to send that to them. We also offer a phone number for them to call if they have more questions. 

• The Confidential Personal Data will only ever be used to participate in the SMS Program as delineated above.  

• To send text message reminders or cancellation/reschedule notices. 

• The confidential data gathered will be kept confidential via the following process: 

• The confidential data will be stored in a password protected Excel file on SharePoint 

• Third-Party Disclosures of Confidential Data: 

• We do not share personal data with third parties and will not be sharing this information with third parties. 

• For customers/visitors to correct, verify, change, or remove their personal information. 

• Client can contact LFA at info@learningforaction.com to correct, verify, change, or remove their personal information. 

Microsoft Forms Privacy Statement

Any data collected by Learning for Action via Microsoft Forms is stored in a secured SharePoint site within LFA’s Office 365 Tenant. The sharing of this data will be restricted to applicable internal users only.

LFA has the following measures in place to protect sensitive data:

• Up-to-date, active firewall technology

• Anti-virus software on all computers, networks, and mobile devices

• An automated process in place to regularly download, test, and install patches, including an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)

• Multi-factor authentication for remote access to email

• Remote access to the network is limited to VPN

• Backup and recovery procedures are in place for all important business and customer data

• Annual network security assessments

• Systematic storage and monitoring of network and security logs

• Procedures in place to terminate user access rights as part of the employee exit process.