We are delighted to announce that eduMe has received a clean SOC 2 Type 2 attestation report, and is now SOC 2 Type 2 compliant.
The audit conducted by Prescient Assurance - a leader in security and compliance attestation for B2B, SAAS companies worldwide - found that eduMe meets the SOC 2 Type 2 standards with zero exceptions listed. This rigorous, independent assessment of our internal security controls serves as validation of our dedication and adherence to the highest standards for security.
SOC 2 Type 2 is a demanding benchmark of enterprise security and compliance. We are delighted to receive this report with zero exceptions, highlighting our ability to provide a best-in-class service for all our customers and give them the confidence they need to focus on what matters - empowering their workforce.
- Mikko Heikelä, CTO at eduMe
Read on to find out what we have achieved, why we pursued SOC 2 compliance, and how we are continuously improving our internal processes to reinforce our commitment to safeguarding customers.
Our commitment to security
At eduMe,
- We consider security and privacy one of our top priorities. Pursuing SOC 2 demonstrates our commitment.
- We want you to use eduMe with peace of mind that your data is safe with us.
- For security-conscious businesses, SOC 2 is becoming a minimal requirement when considering a third party provider. For good reason - it helps us to continually improve our own security practices.
- It allows us to ensure the highest level of security for our customers. By validating our controls diligently, we are better equipped to prevent data breaches and violations of a users’ privacy. This protects them from the negative effects of data compromises, such as regulatory action and reputational damage.
What is SOC 2?
SOC 2 compliance aims to ensure organisations securely manage data to protect their customers and partners. Developed by the American Institute of CPAs (AICPA), SOC 2 requires compliance for managing customer data based on five criteria or “trust services criteria” - security, availability, processing integrity, confidentiality and privacy.
SOC 2 is an audit framework that assesses an organisation's internal controls and processes. The audit report is issued by a third-party auditor and provides assurance to stakeholders that an organisation has adequate controls in place to protect the security and privacy of their data.
Why we pursued SOC 2
In June 2022, we announced our achievement of SOC 2 Type 1 compliance. The process involved a comprehensive evaluation of our security processes, but only captured a snapshot of our controls at a specific point in time.
Pursuing a SOC 2 Type 2 audit meant that we could go a step further, inviting an independent auditor to validate how well our system and controls perform over time to ensure continued compliance and reliability for our enterprise-level customers.
How we're continuing to safeguard our customers
This is an important milestone but is in no way an end to our commitment to our customers and the security of their data.
eduMe’s mission is to give everyone the opportunity to be successful at work. We ensure that data flows freely, illuminating the path so that you’re no longer operating in the dark.
Data is an integral part of the eduMe platform, helping us to improve personalisation, timeliness of training and continuous learning - but the connectivity we offer is always designed with security in mind.
Here are some of the ways in which we are working to continuously improve our internal processes to provide you with a secure and seamless user experience.
Drata
eduMe uses Drata’s automated platform to continuously monitor its internal security controls against the highest possible standards. With Drata, eduMe has real-time visibility across the organisation to ensure the end-to-end security and compliance posture of our systems.
GDPR
Our approach towards privacy and security aligns with the principles of GDPR. It is important that we acknowledge our responsibilities both as a data controller and data processor. We process and store your data with care so you can continue to build trust while bringing value to your learners.
For more information on eduMe’s security, please refer to our Security page for more details.
If you have any questions, please drop us a message security@edume.com or reach out to your Customer Success Manager. We welcome all customers and prospects who are interested in discussing our commitment to security and reviewing our SOC 2 compliance reports to contact us.
About eduMe
eduMe is the training platform of choice for the frontline. eduMe allows global companies, including Uber, Marriott and Vodafone to seamlessly deliver immersive, consumer-grade training, in the flow of work, allowing them to improve productivity, retention and safety. eduMe is integrated into the tools your frontline already uses, such as MS Teams, Workday, Braze, Beekeeper and Fountain. eduMe is headquartered in London, UK with offices in Santa Monica, USA. Visit our homepage to learn more.