On-line Fleet Risk Assessments for the UK & Worldwide Road Safety - Everyone's Business

Data Security, Integration & Compliance Protocols

UK Global Road Safety - Online Driver Training & Fleet Risk Management

 

Below you will find general information, specifications, data transmission, security & compliance details regarding the processing of data relating to the Online Driver Assessment, Training & Fleet Risk Mitigation Programme.
   
  • AICC & SCORM Compliant:
    • All courseware is AICC and SCORM compliant & will integrate with other LMS systems. Programmes meet the specifications outlined in ‘AICC – CMI Guidelines for Interoperability, CMI001 Version 4.0’ and support SCORM 1.2 and 2004.
  • Network Uptime:
    • Uptime vs downtime over the previous 12 months: the system has maintained 100% power uptime, 99.99% network uptime and 99.99% application uptime.
  • Cryptographic Protocols:
    • Cryptographic protocols used to protect client data in transmission: 256-bit SSL encryption is used for the transmission of all personally identifiable information.
  • Data Integration:
    • Processes are in place to facilitate integration with clients’ Learning Management Systems, with both SCORM and AICC compliance. In addition, we can integrate client data into our system or provide exported data from our system using secure, nightly file feed processes over Secure FTP with optional PGP encryption.
  • Scheduled Maintenance:
    • Scheduled, planned maintenance windows are required to ensure a high standard of environment stability & performance. Maintenance performed between Monday and Friday will be scheduled between 11:00 PM and 4:00 AM EDT. Maintenance performed on weekends may be scheduled at any time. When such maintenance is expected to last more than 5 consecutive minutes, clients will be notified at least 24 hours prior to the expected downtime via email and/or in-application communication.
  • Validation Failsafe Checks for Data Corruption: (either data processing or deliberate acts)
    • Checks for Processing Errors: Transaction management: all SQL queries are contained in database transactions, which are atomic, consistent, isolated and durable (ACID). This reduces the possibility of data corruption.
    • Failsafe Checks Against Malicious Intent: (Checks happen in multiple layers as in defense in depth)
      • Input Filtering & Validation: Every HTTP POST and HTTP GET input is filtered and then validated.
      • Front controller: All application logic goes through a front controller, so there is a consistent and constrained method for application code to access HTTP POST and HTTP GET variables. As such, it is not easy for an intruder to manipulate programming variables at will.
      • Database escaping: All SQL queries are trimmed of any characters that MySQL (the RDBMS used) deems unsafe (sanitized). This reduces the possibility of a SQL injection attack.
      • Database prepared statements: SQL queries are executed as prepared statements, where the execution path is static and only the values are dynamic. This reduces the possibility of an intruder changing the execution path.
      • Database permissions: Permissions to drop, alter and select database tables are set granularly to prevent an exploit in one application from affecting the data of another application.
      • Output filtering & HTML Entities: All web pages are delivered as XHTML with UTF-8 encoding. Code reviews and processes are in place to maximize the use of HTML entities. XHTML output is generated through User Interface components in the framework, making it difficult for an intruder to insert malicious HTML or JavaScript at any preferred location in the web page. Output filtering is also, in a way, important for preventing data corruption, since without it an intruder could even modify a web page to capture user data and direct it to a malicious site.
      • SSL encryption: The HTTPS protocol is used to encrypt sensitive data, so that a malicious user cannot easily read or modify the data transferred between a user & the server.
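
The input validation, prepared statement and output encoding layers listed above, shown working together on one hostile value. This is an added example, not the vendor's code: it uses Python with an in-memory SQLite database as a stand-in for MySQL, and the `drivers` table, the function names and the sample input are all constructed for illustration.

```python
import html
import re
import sqlite3

# Layer 1: input filtering and validation (allow-list, not block-list).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def validate_username(raw):
    value = raw.strip()                       # filter
    if not USERNAME_RE.fullmatch(value):      # validate
        raise ValueError("invalid username")
    return value

def make_db():
    db = sqlite3.connect(":memory:")          # stand-in for the MySQL server
    db.execute("CREATE TABLE drivers (username TEXT PRIMARY KEY, note TEXT)")
    return db

# Layer 2: prepared statements. The SQL text is fixed; values are bound
# separately, so a value can never change the statement's structure.
def save_note(db, username, note):
    db.execute("INSERT OR REPLACE INTO drivers (username, note) VALUES (?, ?)",
               (validate_username(username), note))

def load_note(db, username):
    row = db.execute("SELECT note FROM drivers WHERE username = ?",
                     (validate_username(username),)).fetchone()
    return row[0] if row else None

def count_rows(db):
    return db.execute("SELECT COUNT(*) FROM drivers").fetchone()[0]

# Layer 3: output encoding. Stored text is converted to HTML entities
# before it is placed in the page, so it renders as text, not markup.
def render_note(db, username):
    note = load_note(db, username) or ""
    return "<p>{}</p>".format(html.escape(note, quote=True))

if __name__ == "__main__":
    db = make_db()
    # Constructed free-text value that carries both SQL and HTML metacharacters.
    hostile = "x'); DROP TABLE drivers; --<script>alert(1)</script>"
    save_note(db, "j.smith", hostile)
    print("stored verbatim:", load_note(db, "j.smith") == hostile)
    print("rows:", count_rows(db))
    print(render_note(db, "j.smith"))
    try:
        load_note(db, "j.smith' OR '1'='1")
    except ValueError as exc:
        print("rejected at layer 1:", exc)
```

The free-text note cannot be constrained by an allow-list, which is why the bound parameter and the entity encoding still matter after input validation has run.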