
SOC 2 Type 2
Yarno is continuously audited against Service Organisation Control (SOC) 2 Type 2 by auditors AssuranceLab. We use Drata, a continuous compliance platform, to manage and monitor SOC 2 Type 2 controls, policies, and vendors.
SOC is a global reporting standard developed by the AICPA. Service organisations use it to report on their operational and information security policies and procedures.

Encryption
Data is encrypted in transit and at rest using industry-standard protocols (TLS/SSL for data in transit, and AES-256 for data at rest).

Data security
We store your data in the cloud with Amazon Web Services (AWS), which has strong controls on data centre security. Yarno employees are trained in security best practices and can only access data they need to do their job (principle of least privilege).

Permissions and account security
Yarno allows customers to assign different roles to administer training, manage teams or groups, or access learning. Single Sign-On (SSO) and Multi-Factor Authentication (MFA) options are available to secure customers' accounts.

Secure development and releases
Security is considered at all stages of our software development. Yarno code releases are peer-reviewed and tested prior to release, including both manual and automated checks. We review updates in development and staging environments prior to release to production.

Monitoring and resiliency
Centralised logging, metrics and alerts are used to monitor for security and system events and automatically alert our team if required. We also conduct a third-party penetration test at least once per year to proactively detect any vulnerabilities in our platform or security systems.