Lingo Live Security Policy
This policy is applicable to Any employee, contractor, or individual with access to Lingo Live systems or data.
Executive point of contact:
James Simmons, CISO
The Lingo Live security team oversees the implementation of this policy, including:
- Procurement, provisioning, maintenance, retirement, and reclamation of corporate computing resources
- All aspects of service development and operation related to security, privacy, access, reliability, and survivability
- Ongoing risk assessment, vulnerability management, incident response
- Security-related human resources controls and personnel training
Security point of contact: Security@LingoLive.com.
Personnel and Office Environment
Lingo Live is committed to protecting its customers, personnel, partners, and the company from illegal or damaging actions by individuals, either knowingly or unknowingly in the context of its established employment culture of openness, trust, maturity, and integrity.
This section outlines expected personnel behaviors affecting security at Lingo Live. These rules are in place to protect our personnel and Lingo Live itself, in that inappropriate use may expose customers and partners to risks including malware, viruses, compromise of networked systems and services, and legal issues. This section complements Lingo Live’s internal Acceptable Use Policy.
The first line of defense in data security is the informed behavior of personnel, who play a significant role in ensuring the security of all data, regardless of format. Such behaviors include those listed in this section as well as any additional requirements specified in the employee handbook, specific security processes, and other applicable codes of conduct.
All employees and contractors must attend the Lingo Live security training program, which will be offered at least twice annually, to inform all users of the requirements of this policy.
Unrecognized Persons and Visitors
It is the responsibility of all personnel to take positive action to maintain physical security. Challenge any unrecognized person present in a restricted office location. Any challenged person who does not respond appropriately should be immediately reported to supervisory staff and the security team. All visitors to Lingo Live offices must be registered as such or accompanied by a Lingo Live employee.
Personnel should maintain workspaces clear of sensitive or confidential material and take care to clear workspaces of such material at the end of each workday.
Unattended devices must be locked. All devices will have an automatic screen lock function set to automatically activate upon no more than fifteen minutes of inactivity.
Use of Corporate Assets
Systems are to be used for business purposes in serving the interests of the company, and of our clients and partners in the course of normal business operations. Personnel are responsible for adhering to Lingo Live’s Acceptable Use Policy.
No Backups, Use of Cloud Storage
Personnel may not configure work devices to make backups of device data. Instead, personnel are expected to operate primarily “in the cloud” and treat local storage on computing devices as ephemeral. Making a practice of keeping important work artifacts replicated into company-approved secure cloud storage (e.g. Google Docs, Dropbox) ensures that even in the event of a corporate device being lost, stolen, or damaged, such work artifacts will be immediately recoverable on a replacement device.
Personnel Systems Configuration, Ownership, and Privacy
Centralized System Configuration
Personnel devices and their software configuration may be managed remotely by members of the security team via configuration-enforcement technology. Such technology may be used for purposes including auditing/installing/removing software applications or system services, managing network configuration, enforcing password policy, encrypting disks, copying data files to/from employee devices, and any other allowed interaction to ensure that employee devices comply with this Policy.
Retention of ownership
All software programs, data, and documentation generated or provided by personnel while providing services to Lingo Live or for the benefit of Lingo Live are the property of Lingo Live unless otherwise covered by a contractual agreement.
While Lingo Live’s network administration desires to provide a reasonable level of privacy, users should be aware that the data they create on the corporate systems remains the property of Lingo Live. Due to the need to protect Lingo Live’s network, management does not intend to guarantee the privacy of personnel’s personal information stored on any network device belonging to Lingo Live. Personnel are responsible for exercising good judgment regarding the reasonableness of personal use such as general web browsing or personal email. If there is any uncertainty, personnel should consult the security team or their manager.
Personnel should structure all electronic communication with recognition of the fact that the content could be monitored and that any electronic communication could be forwarded, intercepted, printed, or stored by others.
Lingo Live reserves the right, at its discretion, to review personnel’s files or electronic communications to the extent necessary to ensure all electronic media and services are used in compliance with all applicable laws and regulations as well as corporate policies.
Lingo Live reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy. For security and network maintenance purposes, authorized individuals within Lingo Live may monitor equipment, systems and network traffic at any time.
Human Resources Practices
Background checks may be conducted on employees prior to their start date. The consequences of problematic background check results may range from a limitation of security privileges, to revocation of employment offer, to termination.
The security team maintains a company-wide security awareness program delivered to all personnel at least annually. The program covers security awareness, policies, processes, and training to ensure that personnel are sufficiently informed to meet their obligations. Those most responsible for maintaining security at Lingo Live, including the security team itself as well as key engineering/operations staff, undergo more technical continuing education.
In the case of personnel termination or resignation, the security team coordinates with human resources to implement a standardized separation process to ensure that all accounts, credentials, and access of outgoing employees are reliably disabled.
Internet access shall be provided to devices via wired ethernet and WPA2 wifi. Networking switches and routers shall be placed in a locked networking closet with only the security team having access. Lingo Live executives and the security team may grant access to the networking closet to individuals on a case-by-case and as-needed basis. A network firewall that blocks all WAN-sourced traffic shall be put in place. WAN-accessible network services shall not be hosted within the office environment.
Personnel Identity and Access Management
User Accounts and Authentication
Each individual having access to any Lingo Live-controlled system does so via a G Suite user account denoting their system identity. Such user accounts are required to have a unique username, strong password of at least 8 characters, and two-factor authentication (2FA) mechanism.
Logging into Lingo Live Systems
Authentication is performed by Google’s account management system, details of which can be found at https://gsuite.google.com/security. Lingo Live leverages G Suite’s facilities of detecting malicious authentication attempts. Repeated failed attempts to authenticate may result in the offending user account being locked or revoked.
Logging into Third Party Systems
Whenever available, third-party systems must be configured to delegate authentication to Lingo Live’s G Suite account authentication system (described above) thereby consolidating authentication controls into a single user account system that is centrally managed by the security team.
Revocation and Auditing of User Accounts
User accounts are revoked (that is, disabled but not deleted) immediately upon personnel separation. As a further precaution, all user accounts are audited at least quarterly, and any inactive user accounts are revoked.
Lingo Live adheres to the principle of least privilege, and every action attempted by a user account is subject to access control checks.
Role-based Access Control
Lingo Live employs a role-based access control (RBAC) model utilizing Google-supplied facilities such as organizational units, user accounts, user groups, and sharing controls.
Web Browsers and Extensions
Lingo Live may require use of a specified web browser(s) for normal business use and for access to corporate data such as email. For certain specified roles such as software development and web design, job activities beyond those mentioned above necessitate the use of a variety of browsers, and these roles may do so as needed for those activities.
Any browser that is allowed to access corporate data such as email is subject to a whitelist-based restriction on the which browser extensions can be installed.
Access to administrative operations is strictly limited to security team members and further restricted still as a function of tenure and the principle of least privilege.
Access control policies are reviewed regularly with the goal of reducing or refining access whenever possible. Changes in job function by personnel trigger an access review as well.
Upon termination of personnel, whether voluntary or involuntary, the security team will follow Lingo Live’s personnel exit procedure, which includes revocation of the associated user account and reclamation of company-owned devices, office keys or access cards, and all other corporate equipment and property prior to the final day of employment.
Provenance of Technology
How does Lingo Live build, adopt, configure, and maintain technology to fulfill its security intentions and needs?
Lingo Live stores source code and configuration files in private GitHub repositories. The security and development teams conduct code reviews and execute a static code analysis tools on every code commit. Reviewers shall check for compliance with Lingo Live’s conventions and style, potential bugs, potential performance issues, and that the commit is bounded to only its intended purpose.
Security reviews shall be conducted on every code commit to security-sensitive modules. Such modules include those that pertain directly to authentication, authorization, access control, auditing, and encryption.
All major pieces of incorporated open source software libraries and tools shall be reviewed for robustness, stability, performance, security, and maintainability.
The security and development teams shall establish and adhere to a formal software release process.
Configuration and Change Management
The Lingo Live security and development teams shall document the configuration of all adopted systems and services, whether hosted by Lingo Live or are third party hosted. Industry best practices and vendor-specific guidance shall be identified and incorporated into system configurations. All configurations shall be reviewed on at least an annual basis. Any changes to configurations must be approved by appointed individuals and documented in a timely fashion.
System configurations must address the following controls in a risk-based fashion and in accordance with the remainder of this policy:
- data-at-rest protection encryption
- data-in-transit protection of confidentiality, authenticity, and integrity for incoming and outgoing data
- data and file integrity
- malware detection and resolution
- capturing event logs
- authentication of administrative users
- access control enforcement
- all non-production systems must have an access control system implemented and enforced
- removal or disabling of unnecessary software and configurations
- periodic destruction or anonymization of data contained in all non-production systems (at a minimum frequency of monthly)
- allocation of sufficient hardware resources to support loads that are expected at least twelve months into the future.
Third Party Services
For every third-party service that Lingo Live adopts, the security team shall review the service and vendor, on an annual basis, to gain assurance that their security posture is consistent with Lingo Live’s for the type and sensitivity of data the service will store.
Data Classification and Processing
Lingo Live maintains the following classes and processing rules of customer data. For each data class, the Lingo Live security and development teams must provision and dedicate specific information systems in Heroku and Google Cloud Platform to store and process data of that class, and only data of that class, unless otherwise explicitly stated throughout this section. For all classes of customer data, the corresponding systems may store and process data items needed to keep each customer’s data properly segmented, such as Lingo Live customer identifiers.
- Client Account Data
This is data pertaining to corporate clients, including contracts, information that clients and learners share with us, and any other information of a sensitive nature that belongs to or is created by our clients.
- User Account Data
This is data pertaining to login accounts for the www.staging.lingolive.com and app.lingolive.com customer web interface, used by Lingo Live customer agents. This data shall be encrypted-at-rest so as to protect the data in the event of unauthorized access attempts. User account credentials shall be hashed in such a manner that the plaintext passwords cannot be recovered.
- Customer Contact Data
This is contact data about Lingo Live customers and customer agents.
- User Preferences Data
This is data pertaining to the customer-specific preferences and configurations of the Lingo Live service made by customer agents.
- Session Data
This is data that the Lingo Live service collects during lesson sessions. The Lingo Live security and development teams must provision specific systems within Twilio and Google Cloud Platform to store and process this class of data. This data shall be encrypted-at-rest so as to protect the data in the event of unauthorized access attempts.
- Session Metadata
This is metadata about lesson sessions conducted. This includes attendance information, topic, feedback, progress, assessment information, as well as other survey data resulting from a specific lesson.
- User Interaction Metadata
This is metadata about interactions between a customer and the Lingo Live web-based applications. This includes customer organization and user identifiers, standard syslog data pertaining to customer users, and instances of Customer Contact Data and Customer Preferences Data. This class does not include Customer Session Data.
Customer Contact Data, Customer Preferences Data, and Customer Session Metadata may be stored and processed in systems hosted in environments other than Google Cloud Platform, as approved by the security team.
Lingo Live Employee Access to Customer Data
Lingo Live employees may access Customer Data only under the following conditions:
- For the purpose of quality control, incident response, customer support, or feature testing.
- For no longer than is needed to fulfill the purpose of access.
- In an audit-able manner.
Lingo Live provides web user interfaces (UIs) to provide customers access to their data.
The security team in conjunction with executive management may approve emergency exceptions to any of the above rules, in response to security incidents, service outages, or significant changes to the Lingo Live operating environment, when it is deemed that such exceptions will benefit and protect the security and mission of Lingo Live and Lingo Live customers.
Vulnerability and Incident Management
Vulnerability Detection and Response
The Lingo Live security and development teams shall use all of the following measures to detect vulnerabilities that may arise in Lingo Live’s information systems.
Cross-checking vulnerability databases with all systems and software packages that support critical Lingo Live services.
Automated source code scanners on every code commit.
Code reviews on every security-sensitive code commit.
Vulnerability scanning on Lingo Live services.
Annual penetration testing with an independent provider.
Incident Detection and Response
The Lingo Live team shall use all of the following measures to detect security incidents:
Monitor logs to detect potentially malicious or unauthorized activity.
Conduct reviews on the causes of any service outages.
Respond to notices of potential incidents from employees, contractors, or external parties.
The Lingo Live security team shall make a determination of whether every indicator is representative of an actual security incident. The severity, scope, and root cause of every incident shall be evaluated, and every incident shall be resolved in a manner and timeframe commensurate with the severity and scope.
In the event that a data breach affecting a customer has been detected, Lingo Live will maintain communication with the customer about the severity, scope, root cause, and resolution of the breach.