Security Overview

 

Date: April 10, 2024

 

Tyfoom has implemented policies, controls and documentation that address the security and governance of our platform and user data. These cover: Asset Management and Identity and Access Management; Data Security; Company Network and Communications Security; Application Security; Physical and Environmental Security; Supply Chain Risk Management; Disaster Recovery and Data Backup; Security Incident and Event Management; and Threat and Vulnerability Management.

Tyfoom collects and processes the following information: employee name, email, phone number and data collected in the course of using the app, including the number of videos watched, completed training, quiz scores, etc.

Administrator access has MFA and complex passwords built into the app. Tyfoom supports OpenID Connect for all users and admins.

All systems are cloud-based and require MFA/2FA to access. We do not use a VPN, and we adhere to zero-trust security principles. Tyfoom’s development team performs security testing and code review prior to moving any new code into the production environment.

Tyfoom adheres to NIST 800-171 principles. We also adhere to SOC II guidelines. Tyfoom’s service providers manage their various aspects and will give notice of abnormalities in accordance with their policies. Tyfoom is hosted on Heroku, Amazon S3 and AWS, which are ISO 27001, 27017, 27018 and ISO 9001 compliant. AWS is independently audited using the industry-standard SSAE-18 method, and data center operations have been accredited under SOC 1, SOC 2 and SOC 3; SSAE 16/ISAE 3402; PCI DSS Level 1; FISMA Moderate; and Sarbanes-Oxley (SOX).

All data is encrypted. Only client Administrators and designated Tyfoom personnel have access to employee names, phone numbers, email addresses, and data collected in the course of using the app, including the number of videos watched, completed trainings, quiz scores, etc. Admins should add or remove employees for onboarding and termination. Information is not shared with third parties. See Tyfoom’s privacy policy at www.tyfoom.com/privacy-policy.