Security and Privacy
Eduframe Trust Portal
Self-service access to security, data privacy and compliance documents
The Eduframe Trust Portal serves as your central resource for information about Eduframe’s dedication to security and compliance. Whether you’re a potential customer or an existing one conducting due diligence, this portal provides the essential resources to assess Eduframe as a reliable partner.
Here, you’ll find Third-Party Audit Reports, which offer independent verification of the security controls and practices in place for Eduframe’s cloud-hosted services, as well as Compliance Documentation outlining how Eduframe meets industry data protection standards and regulatory requirements.
We invite you to explore the portal to gain a thorough understanding of Eduframe’s steadfast commitment to protecting your data and fulfilling your compliance needs.
Quick Summary
Annual third-party penetration testing
Will enter into a DPA
- Deletes customer data on request
Sub-processors list available
- One or more annual third-party audit(s)
- Has a disaster recovery plan
- Has cyber insurance
- Has a status page
Compliance & Conformance
Eduframe is LTI Advantage certified
Eduframe’s integrated plugins are built on the trusted and proven Drieam LTI framework. This framework ensures the secure and stable data exchange with the LMS. The Drieam LTI framework is certified for LTI v 1.3, LTI Assignment & Grade Services, LTI Deep Linking 2.0. and LTI Names and Role Provisioning Services 2.0.
Drieam is SOC 2 type II Certified
Drieam was assessed on internal control policies and practices and has received SOC2 type II certification by meeting the stringent requirements set forth by the AICPA and CICA.
Drieam has access control procedures in place and we are fully trusted with highly confidential information such as passwords, documents and secure images.
Drieam is Cyber Essentials Certified
Drieam has the appropriate measures in place to be protected against a wide variety of the most common cyber attacks as certified by our Cyber Essentials Certificate. Cyber Essentials certification demonstrates that an organisation is protecting itself by implementing the most important cyber security controls.
Eduframe is certified for the 1EdTech Data Privacy standard
Data Privacy and trust is a key priority for us. With this certificate, Eduframe has been vetted for student privacy, data security, and other safety issues by 1EdTech.
Eduframe is GDPR compliant
Eduframe is built by Drieam, based in The Netherlands. As a European company, we are strictly compliant with data protection laws, including the GDPR. See our Privacy Policy for more information.
Eduframe is Canvas Integration Certified
Eduframe is certified by Instructure for seamless Canvas LMS integration, built using the latest standards, operational functionality, and optimized user experience, with privacy and accessibility details provided.
Eduframe & FERPA
FERPA (34 CFR Part 99) governs how U.S. educational institutions handle student education records. The Department of Education provides guidance and training but does not accredit or certify vendors. Eduframe supports institutional FERPA compliance by:
- acting as a data processor under contract (no secondary use or sale of Student PII);
- implementing administrative, technical, and organizational safeguards aligned to SOC 2 Type II;
- operating with GDPR-aligned privacy practices; and
- maintaining 1EdTech Data Privacy certification to demonstrate sector-specific controls and transparency.
Documentation (DPA/security pack) is available below.
Documents
Controls
- Firewall access restricted
- Intrusion detection system utilized
- Network firewalls utilized
- Network and system hardening standards maintained
- Log management utilized
- Data encryption utilized
- Password policy enforced
- Vulnerability and system monitoring procedures established
- Continuity and disaster recovery plans tested
- Incident response plan tested
- Development lifecycle established
- Whistleblower policy established
- System changes externally communicated
- Support system available
- Access reviews conducted
- Access requests required
- Production deployment access restricted
- Change management procedures enforced
- Risks assessments performed
- Data classification policy established
- Data retention procedures established
