Canvas is committed to safeguarding the proprietary information and personal data entrusted to us by our partners. We align our security and data privacy strategies with the leading attestations and certifications in order to provide our customers with the confidence that comes from knowing that industry best practices guide our work.
While our cloud hosting provider is already SOC certified, Canvas successfully underwent a SOC 2 Type II audit and is thrilled to announce that we are SOC 2 Type II compliant.
This critical milestone promotes customer assurance as part of our ongoing pledge to protect the security of our systems and to maintain the confidentiality, integrity, and availability of data.
What is SOC 2 Type II compliance?
SOC 2 (Service Organization Control 2) is part of the American Institute of CPAs' Service Organization Controls. It evaluates the validity of security controls and details the operational effectiveness of systems over a minimum period of six months. This attestation standard verified that Canvas’s information security and data policies, procedures, and practices fulfill the applicable trust services criteria.
By achieving SOC 2 Type II compliance, Canvas was able to demonstrate that we have implemented the necessary controls and configured the appropriate systems to protect our partners’ data. It shows that we’ve taken the proper steps to ensure that data is secure.
Moreover, at Canvas we view security as an ongoing process, not a one-time goal, which is why we opted for the SOC 2 Type II examination. SOC 2 Type II takes place over a longer audit period, thus demonstrating our continued commitment to protecting our partners’ data. The culmination of the audit is a detailed report outlining how data is collected, managed, controlled, and audited within Canvas’s environment.
Key areas of focus include:
- Technical controls such as access control, identification and authentication, audit logging, encryption, systems security, monitoring, and data backup.
- Corporate controls related to regulatory requirements and governance, internal policies, vendor management, and physical and environmental security.
- Human Resource controls including background checks, onboarding and offboarding practices, and security awareness training.
- Operation and Legal controls such as SDLC, NDA, MSA, Risk Management, and Change Management.
The report can be beneficial for answering security questions, describing the systems we have in place, outlining our operations, and clarifying our controls. Customers are then able to efficiently and effectively evaluate the risk of utilizing the platform and feel confident that they are making the right choice by selecting a secure vendor when they select Canvas.
Ultimately, we believe that security is a shared responsibility. By establishing processes and procedures that provide oversight across our organization, and having them audited by a third party who can provide independent insight into our security posture, Canvas is better able to protect and preserve the data. It is our commitment to you that we will not only continue to maintain the current benchmark but also seek to improve upon it and stay up to date with the evolving regulatory landscape so that we can best support the needs of our clients.
If you have any questions about Canvas’s SOC 2 compliance, reach out to our team at [email protected].