Our security program is built on ISO 27001, NIST’s Cybersecurity Framework, AICPA’s Trust Services Principles and Criteria, and SANS’ CIS Critical Security Controls, and we develop our applications in accordance with OWASP’s Top 10. We implement both preventative and detective mechanisms, as well as processes, controls, and tools, in layers, helping to mitigate risks that might impact data, people, systems, operations, products, and our mission as a company. We also encrypt data in transit and at rest using known strong cryptographic protocols and ciphers. We produce SOC 2 Type 2 reports annually to demonstrate Instructure’s compliance with industry best practices for security, availability, confidentiality, processing integrity, and privacy. You can reach out to your customer support manager for a copy of this report. Our dedicated security team is full of passionate, skilled, experienced security professionals who focus on detecting and protecting against badness, and earning and maintaining your trust.