Security, Privacy, and Accessibility
Portflow Trust Portal
Self-service access to security, data privacy and compliance documents
This Portflow Trust Portal is your one-stop shop for information on Portflow’s commitment to security and compliance. Here, you’ll find the resources you need to evaluate Portflow as a trusted partner, whether you’re a potential customer or an existing one performing due diligence.
Within this portal, you’ll have access to Third-Party Audit Reports (Independent verification of the security controls and practices in place for Portflow’s cloud-hosted services) and Compliance Documentation (details on how Portflow adheres to industry data protection standards and regulatory requirements).
We encourage you to explore the portal and gain a comprehensive understanding of Portflow’s unwavering commitment to safeguarding your data and meeting your compliance needs.
Quick Summary
Annual third-party penetration testing
Will enter into a DPA
- Deletes customer data on request
- Sub-processors list available
- One or more annual third-party audit(s)
- Has a disaster recovery plan
- Has cyber insurance
- Has a status page
Compliance & Conformance
Portflow is LTI Advantage certified
Drieam is SOC 2 type II Certified
Drieam was assessed on internal control policies and practices and has received SOC2 type II certification by meeting the stringent requirements set forth by the AICPA and CICA.
Drieam has access control procedures in place and we are fully trusted with highly confidential information such as passwords, documents and secure images.
Drieam is Cyber Essentials Certified
Portflow is certified for the 1EdTech Data Privacy standard
Data Privacy and trust is a key priority for us. With this certificate, Portflow has been vetted for student privacy, data security, and other safety issues by 1EdTech.
Portflow is GDPR compliant
Portflow is built by Drieam, based in The Netherlands. As a European company, we are strictly compliant with data protection laws, including the GDPR. See our Privacy Policy for more information.
Portflow is WCAG 2.2 level AA conformant
As accessibility and inclusivity is a prerequisite for offering personal learning journeys, Drieam is committed to continuously improving the accessibility of Portflow. Currently, Portflow is fully conformant to the WCAG 2.2 level AA and partially level AAA industry standard.
Documents
Frequently Asked Questions
Alumnus account
- Google Oauth
Evidence import
- Microsoft OneDrive
Evidence embedding
- Canvas Studio
- Kaltura
- Panopto
- Vimeo
- YouTube
- Yuja
LMS / VLE
- Canvas LMS by Instructure
- Brightspace by D2L
- Blackboard Learn by Anthology (Q2 2024)
- Moodle (Q2 2024)
Portflow customers’ data is automatically backed up both in real time and on a 24-hour schedule across multiple geographical locations within the EEA, rather than in a single data centre. This enables Drieam to provide superior disaster recovery in the event of an outage. At all times, we aim to be able to restore a full backup within four hours.
Data in transit is encrypted using SSL with a minimum of TLS 1.2 or higher. This ensures that all communication between your browser and our servers and amongst our servers is fully secure, in line with SOC 2 level II requirements..
The data at rest stored in the databases is encrypted using AES-256 block-level storage encryption to ensure its confidentiality and integrity. We use robust security measures to ensure that only authorized users have access to the data, in line with SOC 2 level II requirements.
User and management access it authenticated through either 2-factor authentication (2FA) or identity federation with existing provider (SSO via LTI 1.3).
Since the summer of 2024, Portflow introduced it’s first AI integration. This is an optional feature that can be enabled at the institution’s level by their administrators. This first AI feature allows users to create an analytic summary of received feedback on a goal. For this feature, Portflow uses the high-quality language model GPT 4o mini, offered through Microsoft Azure OpenAI Service, hosted in Sweden (EU). The integration and service ensures that there is no data transfer outside the EU, as well as that the prompt, input content (feedback), and outputs are not used to train or improve language models. In addition, user’s PII is not linked to the data sent to the AI service. More information on Microsoft Azure’s privacy and security can be found on Microsoft’s website.
Portflow is Vetted & Trusted by
Controls
- Firewall access restricted
- Intrusion detection system utilized
- Network firewalls utilized
- Network and system hardening standards maintained
- Log management utilized
- Data encryption utilized
- Password policy enforced
- Vulnerability and system monitoring procedures established
- Continuity and disaster recovery plans tested
- Incident response plan tested
- Development lifecycle established
- Whistleblower policy established
- System changes externally communicated
- Support system available
- Access reviews conducted
- Access requests required
- Production deployment access restricted
- Change management procedures enforced
- Risks assessments performed
- Data classification policy established
- Data retention procedures established