diff --git a/docs/concepts.md b/docs/concepts.md
index 56892ba97c3b27bd1692976fd9a060692b22d406..bcbc5a91724adbf93160deaf30a291704c1f81a1 100644
--- a/docs/concepts.md
+++ b/docs/concepts.md
@@ -1,9 +1,49 @@
 # IICS Concepts
 
 ## Secure Agent
-A Java program that runs all tasks and enables secure communication across the firewall between our organization and 
+
+A Secure Agent is a Java program that runs integration tasks and enables secure communication across the firewall between our organization and 
 IICS. More details can be found [here](https://docs.informatica.com/integration-cloud/cloud-platform/current-version/administrator/runtime-environments/secure-agents.html).
 
+### Costs
+
+Secure Agents are licensed at a per-Secure-Agent rate.
+Secure Agents are installed at one Secure Agent per VM/host, or one Secure Agent per Docker Container.
+For more information on the exact cost of a Secure Agent license, please contact us.
+
+### Responsibilities
+
+By running a Secure Agent, you are responsible for ensuring the availability of the Secure Agent program and its underlying VM/host.
+The Secure Agent program is upgraded automatically by Informatica, but you are responsible for managing/patching the underlying operating system.
+
+### Recommendations
+
+The DoIT Integration Platform team has experience managing secure agents.
+We run our secure agent in a Docker container on Linux, hosted by Amazon Web Services (AWS).
+We use AWS Elastic Container Service (ECS) to manage the secure agent deployment environment.
+By allowing ECS to run the Secure Agent container, we can make sure that the Secure Agent is always running because ECS would bring up a new instance if the current instance crashed.
+
+From our experience of running secure agents, we recommend the following when running your own secure agent:
+
+- **Reduce file system level access to the Secure Agent host:** Although access to the local file system is sometimes necessary to troubleshoot integrations, we recommend avoiding using the secure agent's file system for integrations, where possible.
+For integrations that deal with flat files, using Amazon S3 along with the [IICS S3 connector](https://docs.informatica.com/integration-cloud/cloud-data-integration-connectors/current-version/amazon-s3-connector/preface.html) allows an integration to use flat files without being closely tied to the underlying file system of the Secure Agent host.
+By using S3 instead of the Secure Agent file system, permissions and user accounts can be managed in AWS. AWS offers more self-service and automated interfaces compared to managing user accounts accounts and permissions directly in a Secure Agent host.
+- **Avoid maintaining state in a Secure Agent host:** Related to the ["Pets vs. Cattle" analogy](https://www.slideshare.net/randybias/the-history-of-pets-vs-cattle-and-using-it-properly), we recommend treating Secure Agents as ephemeral components of the overall integration architecture.
+Accordingly, make sure configuration files and log files are stored externally to the Secure Agent host.
+The DoIT Integration platform team uses AWS Elastic File System to persist configuration files.
+By doing this, we can destroy and replace our Secure Agent container, or underlying EC2 host, with confidence that the Secure Agent will start and operate in a consistent manner.
+
+### High Availability
+
+While a single Secure Agent is most cost effective, it does introduce a risk if the Secure Agent or underlying host were to fail.
+By running the Secure Agent in a container platform such as AWS Elastic Container Service (ECS), you can make sure that a single Secure Agent is always running.
+If the Secure Agent were to crash, ECS can automatically start a new container.
+
+This containerized single Secure Agent architecture is appropriate for scheduled ETL jobs, but event-driven integrations, such as integrations built on Cloud Application Integration (CAI), have different requirements.
+For event-driven integrations, we recommend running at least two Secure Agents in parallel.
+If one Secure Agent were to crash, the other would be able to handle requests while the a new Secure Agent is brought up.
+
+For more information on Secure Agents with Cloud Application Integration, please [see this documentation from Informatica](https://kb.informatica.com/faq/7/pages/19/514162.aspx).
 
 ## Cloud Data Integration (CDI) and Cloud Application Integration (CAI)
 
@@ -39,4 +79,4 @@ CAI is best used for projects that have the following characteristics:
 - Event based / Real time integrations
 - Direct access to APIs
 - Business Processes
-- Composite Services, APIs
+- Composite Services, APIs
\ No newline at end of file
diff --git a/docs/training.md b/docs/training.md
index 7b413e0f355e5aae00342adb66b4a00dcbfe1def..d5cf605522a75855678e309f133f4447451d4e32 100644
--- a/docs/training.md
+++ b/docs/training.md
@@ -43,4 +43,11 @@ For Application Integration, we recommend starting with the training "[Cloud App
 Informatica offers video tutorials, how-to guides, and webinars through the [Success Portal](https://success.informatica.com/).
 Under "Product Learning Path", select Cloud Application Integration or Cloud Data Integration.
 
-Some areas of the Success Portal link out to [Informatica Network](https://network.informatica.com/), which includes FAQ articles, the Knowledge Base, product documentation, and user forums referred to as Communities.
\ No newline at end of file
+Some areas of the Success Portal link out to [Informatica Network](https://network.informatica.com/), which includes FAQ articles, the Knowledge Base, product documentation, and user forums referred to as Communities.
+
+## Secure Agents for Training
+
+During some trainings, there might be mentions of setting up your own secure agent or accessing a secure agent directly.
+For training purposes, the shared test organization can be used to create secure agents.
+
+Please make sure to destroy any secure agents used for training purposes when the training is completed.
\ No newline at end of file