There are a lot of factors that go into selecting a digital credentialing platform. One that should be at the top of everyone’s list: data security. Credly serves some of the world’s leading organizations and we believe that our data security should meet our clients’ exacting standards. We adhere to rigorous data integrity processes to ensure every issuing organization feels confident and secure on Credly’s Acclaim platform.
So, what exactly should you look for when it comes to a digital credentialing platform and data security? Here’s a checklist of things to think about based on Credly’s data standards.
Compliance with standard data requirements.
Three key areas of data compliance when it comes to SaaS providers, like a digital credentialing platform, are SOC-2, GDPR, and EU-U.S. Privacy Shield.
Service Organization Control 2 (SOC-2) covers various organization controls related to securely managing customer data, including security, availability, integrity, confidentiality, and privacy. European Union’s General Data Privacy Regulation (GDPR) is designed to give individuals control over their personal data and limit what companies can do with it. The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks enable companies to certify compliance with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. Maintaining compliance with all of these, as Credly does, is extremely important--especially when managing global credentialing programs and badge earner data.
Data integrity checks.
A credentialing platform invested in data security should regularly perform scans of its codebase to check for vulnerabilities. Credy builds data integrity checks into its regular code development and review cycles and periodically engages independent experts to run penetration tests and vulnerability scans of Credly’s code and operating environments. Credly covers it all and you can read more about it here.
Sometimes things happen. Whether it’s a natural disaster or a technical incident, a trustworthy badging platform needs a contingency plan. Credly has an incident response plan that gets reviewed and tested regularly and Credly employees are trained to ensure they can execute it successfully if ever needed.
Data security takes a village. Credly’s physical infrastructure is hosted and managed by Amazon Web Services (AWS), whose data center operations have achieved a wide variety of security certifications and serve as the backbone for security-sensitive organizations. You can read more about AWS’ security program on their cloud-security portal.