Trust Center

Instructure Trust Center


At Instructure, we consider compliance as a top priority and consistently strive to uphold the highest standards of regulatory compliance and industry best practices. We have established a comprehensive framework that encompasses various essential components to ensure our compliance objectives are met.

Continuous Monitoring

We maintain a vigilant and proactive approach to monitoring compliance-related activities, allowing us to promptly identify and address any deviations from established standards.

Regular audits and assessments are conducted to validate adherence to relevant frameworks, such as SOC 2 Type 2, ISO 27001, SOX, and NIST 800-53. These audits provide us with a comprehensive view of our compliance posture and enable us to take prompt corrective actions when necessary.


Metrics Development and Reporting

We employ a rigorous metrics development and reporting process to track and measure our compliance performance accurately. This enables us to assess the effectiveness of our compliance initiatives and make data-driven decisions.


External Assessment

We engage in regular external assessments and audits conducted by independent experts to validate our compliance efforts. These assessments provide valuable insights and assurances to our stakeholders, regulatory bodies, and customers.


Our Compliance Certifications

ISO 27001 Certified

ISO 27001

ISO (International Organization for Standardization) is a worldwide federation of national standards bodies. ISO is a nongovernmental organization that comprises standards bodies from more than 160 countries, with one standards body representing each member country.



A SOC assessment is an evaluation conducted to assess the effectiveness of Instructure’s controls and processes related to security, availability, processing integrity, confidentiality, and privacy of it’s systems and data.

If you are an existing customer, please reach out to your designated Customer Success Manager (CSM) or Regional Director to request the appropriate report. If you are a prospective customer, please email us at



A TX-RAMP assessment is a comprehensive evaluation of Instructure’s information security controls and practices to ensure compliance with the security requirements set by the Texas Department of Information Resources (DIR).

TRUSTe Certified Privacy logo

TRUSTe Enterprise Privacy & Data Governance

The TRUSTe Enterprise Privacy Certification Seal is obtained through a set of privacy assurance programs that enable companies that collect or process information to demonstrate responsible data collection and processing practices consistent with regulatory expectations and external standards for privacy accountability.

Cyber Essentials Plus

Cyber Essentials / Cyber Essentials Plus

Cyber Essentials is a UK government-backed certification scheme that helps Instructure demonstrate their commitment to cybersecurity best practices and protect against common cyber threats. Cyber Essentials Plus is an advanced level of certification that involves more rigorous testing and verification to provide a higher level of assurance in Instructure’s cybersecurity defenses.

Sarbanes-Oxley Compliance


A Sarbanes-Oxley (SOX) assessment involves evaluating an organization’s internal controls and financial reporting process to ensure compliance with the Sarbanes-Oxley Act, which aims to enhance the transparency and integrity in financial operations.  For more information, please visit our Investor Relations page at or refer to our annual 10-K report found here: accessible by searching for the desired year.



A PCI DSS assessment is a thorough evaluation of Instructure’s payment card industry data security standards compliance to ensure the secure handling of cardholder information and maintain a secure payment environment.

Risk Management Program

We have implemented a robust Risk Management Program that encompasses the identification, assessment, mitigation and monitoring of risks across Instructure. The program enables us to proactively manage risks and ensure compliance with applicable regulations.

Risk Identification and Reporting

Risk Identification and reporting are integral to our Risk Management Program at Instructure. Our dedicated team collaborates with stakeholders to systematically identify and assess potential risks. Through a structured reporting framework, we provide timely updates to key stakeholders, including clear risk descriptions, potential consequences, and recommended mitigation strategies. Our commitment to transparency and ongoing evaluation ensures a proactive risk management culture, safeguarding Instructure’s interests and enhancing resilience.

Third-Party Risk

We have established stringent processes to evaluate and manage the risks associated with third-party relationships. New third-parties are assessed prior to on-boarding and vendors with access to sensitive and personal data are assessed annually. Through assessments and ongoing monitoring, we mitigate potential risks arising from our business partners.

Risk Communications and Leadership Oversight

Effective risk communications and leadership oversight are integral to our compliance efforts. We ensure clear and transparent communication channels for reporting and addressing compliance-related issues. Our leadership team provides guidance, oversight, and support to foster a culture of compliance throughout the organization.

Illustration Services Instructional Design

Get the Support You Need