PRIVACY & SECURITY · April 14, 2021

Proctorio becomes SOC 2 Type 1 compliant proctoring provider

After stringent security auditing in collaboration with A-LIGN, we’re excited to announce that Proctorio has successfully completed an independent SOC 2 Type 1 Audit!

A-LIGN, a licensed CPA firm with 20 years of SOC experience, evaluated Proctorio’s system design, production environment, and internal processes and procedures and produced a comprehensive report evaluating Proctorio’s Platform as a Service (PaaS) Services System. This report is meant to identify any possible risks that could arise from interactions with our learning integrity system, particularly risks surrounding system controls that Proctorio has designed, implemented, or operated. The signed report, released on February 17, 2021, confirms that the evaluated system controls provided “reasonable assurance that Proctorio’s service commitments and system requirements would be achieved based on the applicable trust services criteria.”

Rather than self-evaluating compliance, Proctorio intentionally solicited A-LIGN’s support for an objective, third-party, independent audit of our processes and systems in relation to published SOC 2 standards. When it comes to protecting test-taker privacy and data security, Proctorio deeply values compliance with the most rigorous industry standards and the insight gained from collaboration with industry experts with decades of auditing experience. The commitment to and completion of this audit demonstrates Proctorio’s dedication to providing the most secure online proctoring experience for all end users.

As described on A-LIGN’s website, SOC 2 (System and Organization Controls) examinations were designed by the American Institute of Certified Public Accountants (AICPA) “to assist organizations of any size, regardless of industry and scope, by ensuring the personal assets of their potential and existing customers are protected.” Based on a series of defined principles and criteria set forth by AICPA, SOC 2 reports include assessment of a company’s security, availability, processing integrity, confidentiality, and privacy.

In addition to evaluating Proctorio’s Internal Controls and Risk Assessment Programs, A-LIGN reviewed how Proctorio maintains databases, transports data, deletes data, secures networks, tracks incidents, manages credentials, and more. In 2020, Proctorio proctored over 20 million exams, pushing the total number of exams proctored to 32.5 million since the company’s inception in 2013. The encrypted recordings for each of these exams are stored in SOC 2-attested redundant data centers using three layers of encryption, including Zero-Knowledge Encryption.

In the upcoming months, we are also pursuing several other third-party security audits including SSAE 16, ISO 27001, and SOC 2 Type 2 and will also share those results publicly when they become available. Learn more about Proctorio’s commitment to security here.

Note: This blog post was updated for clarity on June 23, 2021.

Related blog posts

June 25, 2021

PRIVACY & SECURITY

Proctorio achieves ISO 27001:2013 Information Security Certification

November 01, 2020

PRIVACY & SECURITY

Enhanced encryption and security features for Fall Semester 2020

October 06, 2020

PRIVACY & SECURITY

Why Proctorio requests certain browser permissions

August 16, 2020

PRIVACY & SECURITY

Why Proctorio does not use facial recognition

August 15, 2020

PRIVACY & SECURITY

How Proctorio approaches data security and test-taker privacy