From 050f5a5119005ae0965eaef07ab5e7c06e9ebace Mon Sep 17 00:00:00 2001 From: Nathan Sarang-Walters Date: Mon, 20 May 2024 15:06:26 -0700 Subject: [PATCH] Add information about SOC 2 attestation to security page --- src/pages/security/index.mdx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/pages/security/index.mdx b/src/pages/security/index.mdx index 7aa1cbb..b6a7a51 100644 --- a/src/pages/security/index.mdx +++ b/src/pages/security/index.mdx @@ -6,6 +6,10 @@ export const meta = { The PrairieLearn team takes the security of our products and services seriously. +## Third-party audits + +- **SOC 2 Type I**: PrairieLearn, Inc. has a SOC 2 Type I attestation for Security in accordance with the AICPA Trust Service Criteria. [Contact us](/contact) for access to our report. + ## Product security - **Software development lifecycle**: PrairieLearn, Inc. follows a secure software development lifecycle, including secure coding practices, code reviews, and automated testing. @@ -18,10 +22,6 @@ The PrairieLearn team takes the security of our products and services seriously. - **Secure remote access**: Internal systems are only accessible via AWS Systems Manager. Access to AWS Systems Manager is logged and tightly controlled. - **Identity access and management**: PrairieLearn, Inc. uses JumpCloud for identity and access management. Multi-factor authentication is required and utilized wherever possible. -## Third-party audits - -- **SOC 2 Type I _(coming soon)_**: PrairieLearn, Inc. is currently working with [Vanta](https://www.vanta.com/) and third-party auditors to achieve SOC 2 Type I compliance. We expect to complete this process in early 2024. The completed report will be made available to customers upon request. - ## Reporting a vulnerability If you believe you have found a vulnerability in any PrairieLearn software, please report it to us via coordinated disclosure. **Do not report suspected vulnerabilities publicly, including through GitHub issues or public Slack channels.** Instead, please send an email to [security@prairielearn.com](mailto:security@prairielearn.com) with as much relevant information as possible, including: