After stringent security auditing in collaboration with A-LIGN, Proctorio has become the first learning integrity platform to successfully complete an independent SOC 2 Type 1 Audit.
A-LIGN, a licensed CPA firm with 20 years of SOC experience, evaluated Proctorio’s system design, production environment, and internal processes and procedures and produced a comprehensive report evaluating Proctorio’s Platform as a Service (PaaS) Services System. This report is intended to identify any possible risks that could arise from interactions with Proctorio’s learning integrity system, particularly surrounding system controls that Proctorio has designed, implemented, or operated. The signed report, released on February 17, 2021, confirms that the evaluated system controls provided “reasonable assurance that Proctorio’s service commitments and system requirements would be achieved based on the applicable trust services criteria.”
“This was not a self-evaluation,” said Mike Olsen, Founder and CEO of Proctorio. “This was an objective, third-party, independent audit of our processes and systems in relation to published SOC 2 standards led by A-LIGN, a respected third-party CPA firm with decades of experience in assessing SOC 2 Type 1 compliance. The commitment to and completion of this audit demonstrates Proctorio’s dedication to providing the most secure online proctoring experience for all end users.”
As described on A-LIGN’s website, SOC 2 (System and Organization Controls) examinations were designed by the American Institute of Certified Public Accountants (AICPA) “to assist organizations of any size, regardless of industry and scope, by ensuring the personal assets of their potential and existing customers are protected.” Based on a series of defined principles and criteria set forth by AICPA, SOC 2 reports include assessments of a company’s security, availability, processing integrity, confidentiality, and privacy.
In addition to evaluating Proctorio’s Internal Controls and Risk Assessment Programs, A-LIGN reviewed how Proctorio maintains databases, transports data, deletes data, secures networks, tracks incidents, manages credentials, and more. In 2020, Proctorio proctored over 20 million exams, pushing the total number of exams proctored to 32.5 million since the company’s inception in 2013. The encrypted recordings for each of these exams are stored in SOC 2-attested redundant data centers using three layers of encryption, including Zero-Knowledge Encryption.
In the coming months, Proctorio is also pursuing several other third-party security audits including SSAE 16, ISO 27001, and SOC 2 Type 2, and will also share those results publicly when they become available. Learn more about Proctorio’s commitment to security here.