At Prentice we take the security of our platform seriously. This document will provide an overview of security practices we have in place to help protect the platform and your data. For information regarding privacy, see our privacy policy or our DPA (applicable to our Enterprise License product).
Information Security Governance
Prentice maintains a comprehensive set of Information Security Policies which are reviewed and revised at least annually by the security steering committee and approved by management.
Third Party Assessments
Prentice validates the effectiveness of its information security program by engaging in a third party assessment utilizing the NIST 800-53 control families. This engagement is performed at least annually by a qualified firm specializing in information security audits and assessments. The results of the assessment are reported to leadership within the organization and are used to continually evaluate priorities associated with remediation and advancements in our control environment.
Security Steering Committee
MasterClass has a cross-functional security steering committee responsible for security oversight at the company.
Infrastructure Security
We utilize enterprise cloud providers, including Cloudflare, Heroku, AWS, and GitHub for our platform deployment and operations. These providers are SOC2 and ISO27001 compliant with established security standards and operations.
More about their security:
Data In Transit Security
Our website and mobile platforms require Transport Layer Security, or TLS, a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. Prentice utilizes the most recent version, TLS 1.3, of the protocol for its public facing web applications.
Data At Rest Security
Prentice utilizes several mechanisms to protect data from unauthorized access while in storage.
Our data must be encrypted at rest on production databases.
All employee workstations must have hard disk encryption enabled.
All media must be stored on encrypted hard drives and tracked through our inventory system.
Use of personal devices for MasterClass editing and production is not permitted.
Operational Security
Prentice has in place several processes to provide secure access to systems.
Single Sign On and MFA for corporate applications and production platforms.
Password Managers are provisioned to every user for safe password and secret storage.
Security Awareness and Phishing training is provided and required of all employees and contractors.
Automated provisioning and deprovisioning for business and production applications.
Security Engineering
In Engineering, we have several mechanisms in place to protect the security of our code, platforms, and user data.
Active bug bounty program.
Enterprise-grade infrastructure and website security tools to mitigate web-based attacks.
Penetration testing conducted at least annually.Static Application Security Testing (SAST) checks in development pipeline.
Live training to developers regarding application security best practices.
Robust change management processes.
Hashing and salting of user passwords.
Effective Date: 1st February 2024
