Security
We’ve got security on lock.
Degreed’s enterprise-grade security, reliability, and compliance program keeps your organization’s data safe, so you can stay focused on the business at hand.
Security
Cloud hosting solution
Microsoft Azure is our Cloud Service Provider (CSP). The infrastructure of the Degreed platform, including all client data, is housed securely in Microsoft Azure datacenters.
Microsoft Azure is known for industry-leading security measures and privacy policies. Azure adheres to security controls for ISO 27001, ISO 27018, SOC 1, SOC 2, SOC 3, FedRAMP, HITRUST, MTCS, IRAP, ENS, TISAX, and the CSA Cloud Control Matrix.
More information on Azure compliance offerings can be found here.
Encryption
We use industry-standard secure transport protocols (TLS 1.2) for all data in transit. Data at rest is encrypted using an industry-standard AES-256 symmetric key.
Physical security
Physical security of data centers is managed by Microsoft Azure. Data centers managed by Microsoft have extensive layers of protection: access approval at the facility’s perimeter, at the building’s perimeter, inside the building, and on the data center floor. All Microsoft Data Centers maintain state-of-the-art physical security, including 24x7x365 surveillance, environmental protection, and extensive secure access policies.
Data loss prevention measures
Background checks are mandatory for all Degreed employees. Information Security Training is required upon initial hire and annually thereafter. Access to client data is strictly controlled on principles of least privilege, using RBAC, 2FA, and a VPN firewall, with final access via a remote desktop server (i.e., a jump box) that enforces strict DLP controls. Access is limited to a few database administrators and operations personnel supporting client accounts.
Reliability
Adaptable performance
Our services are hosted on Microsoft’s Azure cloud platform, which allows us to easily scale up (increase the capabilities of each server in the system) and scale out (add more servers to the system) in a matter of minutes. We have successfully tested both scale-up and scale-out scenarios in order to handle an increased load. These tests simulate loads from organizations of up to 300,000 users. Thanks to the strong auto-scaling functionality, Degreed can easily expand to meet the needs of any organization.
Business continuity & disaster recovery
Degreed maintains Business Continuity and Disaster Recovery Plans, which are reviewed and tested annually. Geo-replication is used for disaster recovery. A production database replica is maintained in a different region than the primary database. Committed transactions on the primary database are continuously synchronized to this readable geo-replica. The geo-replica is available if/when the data center hosting the primary database fails.
Compliance
TISAX
As of 2022, Degreed is TISAX certified. TISAX is a European automotive industry-standard information security assessment. Degreed was successfully audited by an accredited independent assessor.
Privacy policy
We respect the privacy of our users and strive to provide a safe, secure online experience. Read Here.
GDPR
We use industry-standard secure transport protocols (TLS 1.2) for all data in transit. Data at rest is encrypted using an industry-standard AES-256 symmetric key.
SOC 2 Type II
Degreed is SOC 2 compliant and participates in annual independent audits to maintain compliance. The SOC 2 auditing process ensures our policies, practices, and controls securely manage client data and protect the privacy of our users.