Our commitment to
security and compliance
so you can focus 100% on business at hand.
Partner with a trusted and certified vendor
Compliance
Transparent GDPR documentation
Our organization and our platform regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards.
Customers are invited to review our privacy documentation and can reach our Data Protection Officer (DPO) for further questions.
Ethics, Social and Environmental Responsibility Charter
Our Ethics, Social and Environmental Responsibility Charter describes how 360Learning and all 360Learners conduct business, and outlines the fundamental values we share as a group, wherever we operate in the world. Find our CSR charter here.
Any concerns? Speak up!
360Learning has set up an Ethics hotline to report any conduct or situation that does not comply with the Charter or with applicable laws and regulations.
The procedure is available to anyone who wishes to make an alert.
Digital Services Act (DSA)
Under the European Digital Services Act of October 19, 2022 (“DSA”), 360Learning, qualifies as a service intermediary offering hosting services.
360Learning implements the necessary measures to comply with its obligations under the DSA. The rules governing the use of the 360Learning platform, the procedure for handling reports of illegal content and the platform's moderation policy are available in the Technical Documentation.
In accordance with its obligations under the DSA, 360Learning has designated data-protection@360learning.com as its single point of contact for all communications relating to DSA compliance.
Security
ISO 27001
ISO 27001 is a security standard that outlines requirements for an information security management system. It lists best practices and security controls related to information risk management. 360Learning is ISO 27001 compliant and participates in annual independent audits to maintain compliance.
Azure cloud hosting
360Learning is using Microsoft Azure as our cloud service provider. Its infrastructure, including all client data, is housed securely in their data centers, in locations non subject to the Patriot Act. Microsoft Azure has been certified with ISO 27001, ISO 27018, SOC 1, SOC 2, SOC 3, and CSA. Their facilities have extensive measures of protection, including 24/7 surveillance, access control, and protection for environmental hazards. Our data is fully backed up once per day in a separate facility to ensure business continuity and disaster recovery.
Security at all levels
Our infrastructure is protected and under surveillance at all levels, 24/7. Access is controlled via port scanning and IP filtering, data transfer is secured via forced HTTPs and encryption (AES-256). Our fleet is protected with EDR / XDR to identify and block malicious activity.
We also commission an external security audit twice a year and permit our clients to audit our platform.
360Learning’s internal security team brings several decades of security expertise. All 360Learning employees complete regular security training to detect phishing and other malicious activities.
Our Orca infrastructure security score exceeds the average by 15%.