banner cta - brand blue

Instructure Trust Center

Compliance

At Instructure, we consider compliance as a top priority and consistently strive to uphold the highest standards of regulatory compliance and industry best practices. We have established a comprehensive framework that encompasses various essential components to ensure our compliance objectives are met.

Continuous Monitoring

We maintain a vigilant and proactive approach to monitoring compliance-related activities, allowing us to promptly identify and address any deviations from established standards.

Regular audits and assessments are conducted to validate adherence to relevant frameworks, such as SOC 2 Type 2, ISO 27001, and NIST 800-53. These audits provide us with a comprehensive view of our compliance posture and enable us to take prompt corrective actions when necessary.

Metrics Development and Reporting

We employ a rigorous metrics development and reporting process to track and measure our compliance performance accurately. This enables us to assess the effectiveness of our compliance initiatives and make data-driven decisions.

A group of professionals in a meeting

External Assessment

We engage in regular external assessments and audits conducted by independent experts to validate our compliance efforts. These assessments provide valuable insights and assurances to our stakeholders, regulatory bodies, and customers.

Our Compliance

Risk Management Program

We have implemented a robust Risk Management Program that encompasses the identification, assessment, mitigation and monitoring of risks across Instructure. The program enables us to proactively manage risks and ensure compliance with applicable regulations.

personalized offering

Risk Identification and Reporting

Risk Identification and reporting are integral to our Risk Management Program at Instructure. Our dedicated team collaborates with stakeholders to systematically identify and assess potential risks. Through a structured reporting framework, we provide timely updates to key stakeholders, including clear risk descriptions, potential consequences, and recommended mitigation strategies. Our commitment to transparency and ongoing evaluation ensures a proactive risk management culture, safeguarding Instructure’s interests and enhancing resilience.

Students using tables

Third-Party Risk

We have established stringent processes to evaluate and manage the risks associated with third-party relationships. New third-parties are assessed prior to on-boarding and vendors with access to sensitive and personal data are assessed annually. Through assessments and ongoing monitoring, we mitigate potential risks arising from our business partners.

Employees taking part in workplace learning

Risk Communications and Leadership Oversight

Effective risk communications and leadership oversight are integral to our compliance efforts. We ensure clear and transparent communication channels for reporting and addressing compliance-related issues. Our leadership team provides guidance, oversight, and support to foster a culture of compliance throughout the organization.

banner cta - brand blue

Support

Get the Support You Need