Information Security FAQ

The Core Strengths RQ Admin app allows access to specific user data that enables the Core Strengths RQ app to show meeting participant insights. Specifically, the two scopes present on the Core Strengths RQ Admin page “meeting:read:admin” and “webinar:read:admin” are only available within a zoom admin app and enables the integration to display Core Strengths insights within a meeting.

To install this app you must first add the Core Strengths Admin app. Follow the steps below to install the admin app.

1. Log in to Zoom.

2. Navigate to the Zoom Marketplace by clicking on the “Apps” button.

3. Find the app by searching “Core Strengths RQ Admin” in the search bar.

4. Select the Core Strengths Admin RQ app and click add. This will open up a new window prompting you to authorize Core Strength's access to your Zoom account. Click authorize to install app.

5. Once the app is installed, click on the app in your apps window and enter your Core Strengths credentials.

6. Select the desired Core Strengths account.

7. Follow the getting started tutorial to use the app to improve your virtual conversations and meetings inside Zoom!

To install the Core Strengths RQ you must first add the Core Strengths Admin app. Follow the steps below to install the app for individuals.

1. Log in to Zoom.

2. Navigate to the Zoom Marketplace by clicking on the “Apps” button.

3. Find the app by searching “Core Strengths RQ” in the search bar.

4. Select the Core Strengths app and click install.

5. Once the app is installed, click on the app in your apps window and enter your Core Strengths credentials.

6. Select the desired Core Strengths account.

7. Follow the getting started tutorial to use the app to improve your virtual conversations and meetings inside Zoom!

Core Strengths has an active ISMS (Information Security Management System) Team. The Executive leadership actively engages with the ISMS Team, and the Core Strengths Board is provided with updates on security threats, hygiene, and the maturity of the Information Security Management System. We invest heavily in protecting the confidentiality, integrity, availability, security, and privacy of customer data.

Please review the information below and if you have any additional question on security, privacy, and support don’t hesitate to reach to us directly at the https://help.cruciallearning.com/s/.

Core Strengths holds an ISO 27001 certification as well as Privacy Shield and CyberEssentials certification. We continue our pursuit to improve and ac

Yes. Core Strengths data is encrypted at rest and in transit using industry-standard ciphers and methods. This includes the use of AES-256 and TLS encryption ciphers. Encryption keys are stored securely with limited access using Key Management Services (KMS) that AWS fully manages. Advanced encryption is applied to various application infrastructure layers, including disk, application, and database encryption. Sharing of encryption keys is prohibited, and essential management procedures are reviewed on an annual basis.

Yes. We offer SSO capabilities to customers.

Yes. Core Strengths uses MFA to authenticate employees that have direct access to Core Strengths’ owned and managed resources. Employees are required to use Multi-Factor Authentication (MFA) for key application and privileged access.

Core Strengths provides a number of mechanisms to help customers keep their data secure and control access. This includes a series of controls based on the principle of least privilege. Our Relationship Intelligence Platform is fully responsive across desktop, laptop, and mobile devices. Security event and audit logs are collected and monitored to detect and respond to anomalous behavior.

Multi-factor authentication (MFA) is required for Core Strengths employees to access information systems and resources. Access is controlled through a central directory system, with access limited and granted based on the principle of least privilege.

Our Relationship Intelligence Platform delivers a user-friendly experience through the implementation of role-based access features.

Our platform is built on isolated, private networks using security groups and firewalls within virtual private clouds (VPC). All inbound and internal traffic is restricted to specific ports across a limited group of machines. All traffic rates, sources, and types are actively monitored at various points in the network beyond ingress and firewalls. Core Strengths logically isolates customer data using application container technology and unique identifiers, which assures that access to customer data is limited to only that customer.

Customer data will be deleted upon written request. In general, customer data is retained as needed to satisfy data classification and external requirements.

Asset disposal and repurposing follow the process and procedure outlined in our Asset Management Policy which is a part of our ISMS. An Independent Auditor has validated the existence of this policy and the related controls as part of the ISO 27001 certification audit. Upon a customer’s written request for data erasure, Core Strengths shall remove the customer’s data within thirty (30) days of the request. Unless otherwise instructed or pursuant to applicable law, Core Strengths will retain for perpetuity. Upon request, Core Strengths will provide a log or copy of the data that was deleted.

Cloud-Based (AWS) Media

When AWS determines that media has reached the end of its useful life or it experiences a hardware fault, AWS follows the techniques detailed in Department of Defense (DoD) 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST SP 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process. Please refer to the AWS website for more information: https://aws.amazon.com/compliance/data-center/controls/

Yes, we use Independent penetration testing and automated testing in our secure development practices are conducted to enable the identification and mitigation of vulnerabilities.

Core Strengths leverages third parties for independent penetration tests of our applications, services, and businesses as a whole. These have resulted in continuous updates to our environment and processes for improving security and reliability. These assessments are part of ongoing compliance and security requirements to maintain Core Strengths as a trusted provider of services.

If you are in an open sharing environment, you will need to have your data removed from your organization's account. If you are in a closed-sharing environment, you will have to connect with other users in the account before they can see your results. You can remove connections from the app and the Core Strengths website.

Please visit here to view our privacy policies. No. We do not persist any data through the integration, and we don’t sell any data.

Yes. We comply with international privacy, security, and confidentiality protocols, regulations, and requirements like GDPR and CCPA.

Core Strengths holds an ISO 27001 certification as well as Privacy Shield and CyberEssentials certification. We continue our pursuit to improve and achieve robust industry accreditations/ certifications. Insert info about SOC2 here?

No. We do not persist any data, and we don’t sell any data.

You can contact our Help Desk by visiting the https://help.cruciallearning.com/s/

You can report bugs or technical issues by completing the form at the https://help.cruciallearning.com/s/

You can provide your ideas by completing the form at the https://help.cruciallearning.com/s/

The Core Strengths Zoom app has access to Zoom meeting details and user information.

The Core Strengths Zoom app uses user information and meeting details to provide collaboration and communication tips personalized to the people who attend your meetings.