ISO 27001 is a security standard that outlines requirements for an information security management system. It lists best practices and security controls related to information risk management. 360Learning is ISO 27001 compliant and participates in annual independent audits to maintain compliance.
The 360Learning data privacy program is built around the EU General Data Protection Regulation (GDPR) and the data protection recommendations issued by EU authorities. Customers are invited to review our privacy documentation and can reach our Data Protection Officer (DPO) for further questions.
To help you with compliance and reporting, we're 100% transparent and give full access to documentation. Our organization and our platform regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards to earn your trust.
360Learning is using Microsoft Azure as our cloud service provider. Its infrastructure, including all client data, is housed securely in their data centers, in locations non subject to the Patriot Act. Microsoft Azure has been certified with ISO 27001, ISO 27018, SOC 1, SOC 2, SOC 3, and CSA. Their facilities have extensive measures of protection, including 24/7 surveillance, access control, and protection for environmental hazards. Our data is fully backed up once per day in a separate facility to ensure business continuity and disaster recovery.
Our infrastructure is protected and under surveillance at all levels, 24/7, to mitigate the risks of attack. Access is controlled via port scanning and IP filtering, data transfer is secured via forced HTTPs and encryption (AES-256), and our fleet is protected with EDR / XDR to identify and block malicious activity.
We also commission an external security audit twice a year and permit our clients to audit our platform to ensure we meet their specific standards.
360Learning’s internal security team brings several decades of security expertise to our team. Their mission consists of building risk analyses and contingency plans while continuously monitoring our infrastructure vitals. All 360Learning employees complete regular security training to safeguard against phishing and other malicious activities. 360Learning’s DPO is committed to addressing all data concerns while adapting our platform to comply with relevant regulations. As a result, our Orca infrastructure security score exceeds the average by 15%.