Last Revision: December 8th, 2025
Thousands of learners trust Workera to keep their data safe and secure every day, and we take that responsibility seriously.
ISO 27001:2022
Workera maintains an ISO 27001-certified Information Security Management System (ISMS). Our certification demonstrates our commitment to a systematic, risk-based approach to securing information assets across our platform, business processes, and supporting infrastructure.
SOC 2
Workera maintains a SOC 2 Type II attestation, demonstrating that our security, availability, and confidentiality controls operate effectively over time. Our independent auditors evaluate our controls annually against the AICPA Trust Services Criteria, validating that Workera’s systems, processes, and organizational practices meet stringent industry standards for safeguarding customer data.
Data Protection & Privacy
We implement strict data-protection principles aligned with global privacy laws such as GDPR. Our practices include data minimization, purpose limitation, strict access controls, and defined data-retention schedules. Personal data is processed only for legitimate business purposes and is removed or anonymized when no longer needed. We also provide full support for data-subject rights, including access, correction, and deletion requests.
Security Governance & Risk Management
Security is governed through a company-wide ISMS supported by dedicated security, compliance, and privacy professionals. We conduct ongoing risk assessments, internal audits, and executive reviews to ensure continuous improvement and alignment with industry standards.
Identity & Access Management
Access to systems and data follows the principle of least privilege and is reviewed regularly. Administrative and production access requires multi-factor authentication. Customers also have access to optional two-factor authentication and SSO for Workera’s platform.
Encryption in Transit & At Rest
All data is encrypted both in transit and at rest. We use TLS 1.2+ for all communications and AES-256-equivalent encryption within AWS-managed services. Encryption keys are stored and managed securely using AWS Key Management Service (KMS).
Infrastructure & Network Security
Workera’s platform is hosted on Amazon Web Services (AWS), leveraging its secure, SOC-certified global data centers. Our network architecture includes segmentation, firewalls, continuous monitoring, and intrusion detection capabilities. System logs and security events are actively monitored to detect and respond to anomalies.
Application Security & Secure SDLC
We integrate security throughout our software development lifecycle, including secure coding reviews, automated dependency scanning, static and dynamic testing, and regular third-party penetration tests. Production changes follow a controlled and audited change-management process.
Incident Response
Workera maintains a documented, tested incident-response plan covering detection, containment, forensics, customer communication, and regulatory obligations. Our security team monitors systems around the clock and follows defined procedures for evaluating and responding to potential security issues.
Business Continuity & Disaster Recovery
We maintain a comprehensive business-continuity and disaster-recovery program to ensure platform resilience. Our disaster-recovery strategy includes encrypted off-site backups, multi-region redundancy, regular testing, and defined recovery time objectives (RTOs) and recovery point objectives (RPOs).
Third-Party & Vendor Security
All third-party vendors undergo security and privacy reviews before engagement and are reassessed periodically. We ensure that subcontractors maintain appropriate controls, contractual protections, and compliance with relevant standards for data protection.
Data Residency & International Compliance
Workera stores and processes customer data in secure AWS regions. We support global customers and comply with applicable data-transfer requirements using Standard Contractual Clauses (SCCs) and other approved mechanisms.
Responsible Vulnerability Disclosure Program
We welcome feedback from the security community. If you believe you’ve identified a vulnerability, please submit it through our responsible-disclosure program. All reports are reviewed and triaged promptly by our security team.
Trust Center Access
For detailed documentation, SOC 2 reports, penetration-test summaries, certifications, and policies, authorized customers and prospects under NDA can request access to our Trust Center.
For More Information
Please review the following pages:
Responsible Vulnerability Disclosure Program