Lemon Learning is not currently ISO 27001 certified directly. However, Microsoft Azure and AWS, the providers that host our data, are ISO 27001 certified.
Regarding our application, the ISO 27001 certification process is currently underway.
Hosting: Our servers and databases are hosted on Microsoft Azure and AWS, within regions in France, the Netherlands, and Germany. These providers are ISO 27001 certified, ensuring the physical and logical security of the infrastructure.
Application: We have implemented an Information Security Management System (ISMS) and are currently being audited to obtain ISO 27001 certification for the Lemon Learning platform.
Provider certification guarantees that the infrastructure is secure and auditable according to international standards.
The ongoing application certification demonstrates our commitment to protecting client data end-to-end.
These measures are part of our GDPR compliance framework and security best practices.
Encryption at Rest: SHA-256 for all sensitive data.
Encryption in Transit: TLS 1.2 or higher.
Access Management: Zero Trust approach, with mandatory MFA (Multi-Factor Authentication) for everyone.
Backups: Daily backups, retained for 20 days, with annual restoration tests.
Internal Audits: Conducted at every production release.
External Pentests: Anonymized reports available upon request; additional tests can be performed.
Security Officers: CTO acting as CISO (Chief Information Security Officer), and Customer Experience Lead acting as DPO (Data Protection Officer).
Security Incident Management Plan in place.
BCP/DRP (Business Continuity & Disaster Recovery Plans) fully operational.
DPO: Adrien Juric.
DPA (Data Processing Agreement): Available for all clients.
Sensitive Personal Data: Not collected.
Right to Erasure: Clients can request the deletion of their data at any time.