Learning.com prioritizes protecting our customers and their data, and now we have the proof. Learning.com has just achieved a SOC 2 Type 2 compliance for the second year in a row. This rigorous audit of our security controls and processes ensures that we are taking the necessary steps to protect our customers’ data. The results of the audit, which was performed by an outside agency, confirm that we take the right steps to secure our platform and protect the students, teachers and administrators we serve every day.
Why it’s important
Without good security practices, students, teachers and administrators could have names, passwords, and personal information accidentally exposed or compromised. This could result in others using the information for targeted attacks. Most companies believe they are following good security practices and are not prone to risk. But how would one know they are doing enough? And why is there a discrepancy with those who believe they are doing a good job and the number of companies that are being hacked?
In today’s age, it’s not enough to take a laissez-faire approach to security. Quite often, individuals within the company will implement security only to the extent of their own knowledge. The security of customers’ data is as strong as the weakest point within a system. Without systems, training and a focused effort on security, a company has no idea where its vulnerabilities are and what steps need to be taken to protect its assets.
What SOC 2 Type 2 means
A SOC 2 attestation, which stands for System and Organization Controls, is an audit that assesses companies’ security stance. It’s conducted by a specialized team of experts through a third party, similar to how a company financial audit is done. They analyze the company’s security processes, procedures and controls and determine if those measures are appropriate to the size and type of company. An SOC 2 Type 2 audit takes the assessment to the next level by ensuring a company is actually following the processes, procedures and controls they have in place.
What else we’ve done
The SOC 2 Type 2 compliance is really a small component of what Learning.com has done to ensure your data is safe. We work hard to± ensure our employees are educated, our procedures are well defined, our processes are being followed, and that our security program is top notch. We are constantly testing for flaws and are in a perpetual state of analyzing our approach to security.
Here are a few components that make up our comprehensive data security program:
- An in-depth security awareness training for all employees
- Well defined policies on how we handle data, especially customer data
- A comprehensive change control process
- A well-developed incident response process in the event there is an issue
- Many monitoring systems that alert on both technical and security related measurements
- Routines that ensure systems are up to date and security hardened
- A team dedicated to ensuring systems are running efficiently and securely.
What this means to our customers
Although no one can ever guarantee customer data is 100% safe, we can say with certainty that we are taking the necessary steps to protect our customers’ data and the services they’ve grown to depend on. Whether you’re a student, teacher or administrator, know that when you log into our system, your data is being treated with the utmost of care. After all, our content teaches students how to be safe online, protect their data, and about digital citizenship, we stand behind what we teach and put it into practice here at Learning.com.