Security and Privacy
Eduframe Trust Portal
Self-service access to security, data privacy and compliance documents
The Eduframe Trust Portal serves as your central resource for information about Eduframe’s dedication to security and compliance. Whether you’re a potential customer or an existing one conducting due diligence, this portal provides the essential resources to assess Eduframe as a reliable partner.
Here, you’ll find Third-Party Audit Reports, which offer independent verification of the security controls and practices in place for Eduframe’s cloud-hosted services, as well as Compliance Documentation outlining how Eduframe meets industry data protection standards and regulatory requirements.
We invite you to explore the portal to gain a thorough understanding of Eduframe’s steadfast commitment to protecting your data and fulfilling your compliance needs.
Quick Summary
Annual third-party penetration testing
Will enter into a DPA
- Deletes customer data on request
Sub-processors list available
- One or more annual third-party audit(s)
- Has a disaster recovery plan
- Has cyber insurance
- Has a status page
Compliance & Conformance
Eduframe is LTI Advantage certified
Eduframe’s integrated plugins are built on the trusted and proven Drieam LTI framework. This framework ensures the secure and stable data exchange with the LMS. The Drieam LTI framework is certified for LTI v 1.3, LTI Assignment & Grade Services, LTI Deep Linking 2.0. and LTI Names and Role Provisioning Services 2.0.
Drieam is SOC 2 type II Certified
Drieam was assessed on internal control policies and practices and has received SOC2 type II certification by meeting the stringent requirements set forth by the AICPA and CICA.
Drieam has access control procedures in place and we are fully trusted with highly confidential information such as passwords, documents and secure images.
Drieam is Cyber Essentials Certified
Eduframe is certified for the 1EdTech Data Privacy standard
Data Privacy and trust is a key priority for us. With this certificate, Eduframe has been vetted for student privacy, data security, and other safety issues by 1EdTech.
Eduframe is GDPR compliant
Eduframe is built by Drieam, based in The Netherlands. As a European company, we are strictly compliant with data protection laws, including the GDPR. See our Privacy Policy for more information.
Documents
Controls
- Firewall access restricted
- Intrusion detection system utilized
- Network firewalls utilized
- Network and system hardening standards maintained
- Log management utilized
- Data encryption utilized
- Password policy enforced
- Vulnerability and system monitoring procedures established
- Continuity and disaster recovery plans tested
- Incident response plan tested
- Development lifecycle established
- Whistleblower policy established
- System changes externally communicated
- Support system available
- Access reviews conducted
- Access requests required
- Production deployment access restricted
- Change management procedures enforced
- Risks assessments performed
- Data classification policy established
- Data retention procedures established