Security statement

Brilliant Assessments | Updated July 2025

Brilliant Assessments has taken appropriate technical and organizational measures to protect the personal data of its Users.

Brilliant Assessments has been independently audited and has obtained SAE 3150 Type II – Service Organization Control (SOC 2) certification. Type II is the highest level of certification specified by that standard.

As part of that certification, the system undergoes regular third-party technical security reviews, and significant issues are addressed promptly.

All data is held in Amazon Web Services’ data center in Central Canada. Canada was chosen to leverage that country's privacy laws and to be compliant with EU and UK GDPR requirements. Further details are available at https://aws.amazon.com/security/. We perform additional daily data backups, which are transferred, fully encrypted, to another AWS site in Ireland.

Our software is developed using Microsoft software and standards. We use the latest versions and rapidly install new versions of all system software, particularly if there is a security implication.

We use Transport Layer Security (TLS) encryption, HTTPS (RSA 2048-bit), for all transmitted data, and all data is encrypted at rest using Microsoft’s Transparent Data Encryption (TDE) on SQL Server Enterprise Edition. All backups are held encrypted.

You control who has access to your system and data. It is important for your users to follow sound security practices by using strong account passwords and restricting access to their accounts to authorized persons. Two-factor authentication (2FA) is enforced on your site for all administrators and is available for Assessment Manager and Respondent roles if you choose to enforce it.

Support Personnel can only access your system if you allow it, using the Support Access Checkbox on the Settings Screen.

Access to database servers is restricted to a small number of specific individuals and specified IP Addresses.

When using AI Suggest and AI Interpretations, data is passed to Microsoft Azure’s OpenAI service fully encrypted using TLS and HTTPS as above. When we build prompts (via Semantic Kernel), the context we inject (such as user-specific knowledge or task data) is temporary and scoped to your session. That context is not logged or persisted by Azure OpenAI; it is used transiently to generate a response and then discarded by the service. The history is retained on our secured AWS database and retransmitted as needed. Azure’s OpenAI Service does not use your data, prompts, or completions for training OpenAI models.

Questions regarding this statement should be sent to support@brilliantassessments.com.