Security and Data Protection.

Cognise is designed to meet the security, privacy, and governance requirements of large organisations and public sector environments. Security controls, data protection, and operational practices are embedded across the platform and supported by enterprise-grade infrastructure.

Cognise runs entirely on the trusted industry-leading cloud service provider Amazon Web Services (AWS). We use AWS for the hosting of staging and production environments. AWS data centers are monitored by 24×7 security, biometric scanning, video surveillance and are SOC 1, SOC 2, and SOC 3 certified.

AWS’s security policy is published here: https://aws.amazon.com/security

A laptop with a photo of two women smiling, standing with arms crossed, on its screen. Surrounding the laptop are five circular images of diverse professionals, two on the left in purple background, and three on the right in blue background, with a padlock icon above the laptop.

Platform and Infrastructure Security

A shared responsibility model

Cognise operates under a shared responsibility model, where platform security, access controls, and application-level protections are managed by Cognise, and underlying infrastructure security is provided by our cloud service provider.

Security is treated as an ongoing operational responsibility, not a one-time configuration.

Secure cloud infrastructure

Cognise is hosted on Amazon Web Services (AWS), using industry-standard cloud infrastructure for both production and staging environments.

AWS data centres are protected by multiple layers of physical and operational security, including 24/7 monitoring and independent third-party certifications.

Cognise leverages this infrastructure while applying additional application-level security controls appropriate for enterprise and public sector use.

Protecting data and access

Cognise implements controls to protect customer data and manage access appropriately, including:

  • Role-based access controls for learners, managers, and administrators

  • Secure authentication options, including optional single sign-on and multi-factor authentication

  • Logical separation of customer data

  • Controlled access to production environments

These controls are designed to support governance, auditing, and internal policy requirements.

Operational liability

Cognise is designed for high availability and operational resilience.

Data is backed up regularly, and recovery processes are in place to support business continuity in the event of a service disruption.

Service availability and support commitments are defined under a formal SLA as part of the SaaS agreement.

Supporting organisational obligations

Cognise supports organisations in meeting their security and privacy obligations by providing:

  • Clear audit and reporting capabilities

  • Configurable access and approval workflows

  • Formal contractual commitments covering data handling and service levels

Privacy, data protection, and security obligations are defined contractually and reviewed as part of customer onboarding.

Security information for procurement and IT teams

Security documentation and responses to due diligence questionnaires are provided as part of the sales and onboarding process.

This ensures customers receive accurate, current information aligned to their specific environment and risk profile.

Frequently Asked Questions

  • Cognise runs from AWS’s data centre located in Sydney, Australia and utilises some services in Oregon, USA which are not available in Sydney.

    We also run Cloudfront distributions which are available globally. For more information on AWS security, click here.

  • Customer data is logically separated and protected through application-level controls and secure access practices.

    Access to data is governed by role-based permissions, and operational access to production environments is tightly controlled.

  • Yes. Cognise supports role-based access controls and optional enterprise authentication features such as single sign-on and multi-factor authentication.

    Authentication and access options are configured as part of onboarding to align with organisational requirements.

  • Cognise is designed for high availability and operational resilience, with regular backups and recovery processes in place.

    Service availability, support, and response commitments are defined under a formal SLA as part of the SaaS agreement.

  • Security documentation and responses to due-diligence or security questionnaires are provided during the sales and onboarding process.

    This ensures information is accurate, current, and tailored to your organisation’s requirements.

  • All communications with and between Cognise servers are encrypted using industry-standard TLS/SSL.

  • AWS facilities are accredited under: ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)

  • NZ Government Agencies

    Download: NZ Govt. Risk Assessment Tool here.

  • Download: More info on Cognise Security.

  • For admins and end users of Cognise, we offer 2FA and SSO.

    These are built on industry standards.

Have a question?

Get in touch

Digital graphic with a purple checkmark inside a pink hexagon at the top and a professional man in a suit with a background of data charts at the bottom.

Built for learning at organisational scale.

Cognise brings structure, visibility, and confidence to learning in large, complex organisations.

Request a Demo