At Administrate, we’re aware that our partners trust us with an enormous amount of sensitive data. We have a responsibility to protect payment data, personally identifiable learner, instructor, and staff information, and proprietary training materials for some of the world’s largest companies. That’s why we make information security a top priority.
To achieve that goal, we’ve worked hard and recently completed annual audits to ensure our alignment with not one but two key information security standards – ISO 27001 and SOC II Type 2.
Every year since 2017, Administrate has completed third-party audits to ensure and certify compliance with industry standards. This year, Administrate successfully maintained our implementation of the ISO 27001 and SOC II Type 2 security standards. We take this process very seriously, so that all of our partners can be confident that Administrate’s software and organization can be trusted.
In this blog post, we’ll briefly cover these two security standards and what Administrate does daily to mitigate threats to your data.
The ISO 27001 Certification Standard
The ISO 27001 standard focuses on ensuring that the audited organization has effective and appropriate security controls evidenced by an information security management system, or ISMS. An ISMS is a system of controls used by an organization to ensure secure handling of data within the business. There are two kinds of controls: technical and personnel. Technical controls govern how software is designed, implemented, and maintained to ensure that it is secure against unauthorized access. Personnel controls consist of training employees and partners in best practices for secure handling of systems and data.
The goal of an ISMS for the ISO 27001 standard is simple: it needs to account for the information security risks that the organization faces, and it needs to reduce those risks to acceptable levels. There’s no such thing as absolute security. However, a successful ISO 27001 certification indicates that an organization has taken extensive measures to identify, manage, and mitigate information security risks by implementing recognized best practices for information security.
Administrate is proud to announce that we received a completely clean report from our auditors, identifying zero areas where Administrate’s ISMS was non-conforming to information security best practices. That achievement is the result of years of hard work and dedication from our Security team and the whole organization.
The SOC II Type Two Report
The SOC II Type Two standard is a guide for auditors to produce a report based on an organization’s ability to uphold controls aligning with five trust categories: security, availability, confidentiality, processing integrity, and privacy. SOC II reports look at the performance and operating effectiveness of controls over time, meaning that Administrate’s security controls have been audited in action as part of our SOC II Type Two report.
SOC II Type 2 reports assess organizations on five Trust Service Principles: security, availability, processing integrity, confidentiality, and privacy. An organization’s approach to meeting these principles will differ across different business models and applications, but demonstrating appropriate procedures to align with the principles is the core of the SOC II Type 2 audit.
And Administrate is again proud to announce that thanks to the efforts of our Security team and our organization-wide focus on maintaining strong controls, our 2022-2023 SOC audit was a clean sheet, with no problems in Administrate’s controls or our implementation of those controls.
Administrate’s Commitment to Security
Security is a process and a moving target, not a static achievement. Administrate’s certifications and successful audits reflect a long-term and organization-wide commitment to maintaining high security standards and effective controls.
Administrate’s Security team has worked alongside auditors and experts in the security field since 2017 to develop and implement best practices. We’re committed not just to achieving technical excellence or merely meeting standards, but to going above and beyond to ensure that our security controls and practices are the best that they can be. For example, that has included an effort over the past few years to make our procedures easier to communicate and therefore easier to implement.
Every year, Administrate strives to achieve higher standards of security for our partners, and our successful ISO 27001 and SOC II Type 2 audits are a reflection of that effort.
If you’d like to know more about Administrate’s overall security, privacy, and trust mission, visit our Trust Page to see a full list of the standards we comply with and how our software infrastructure supports secure operations.