Skip to main content

D2L Course Merchant Compliance Information

PCI Compliance – Keeping your payment data secure

The PCI DSS (or “Payment Card Industry Data Security Standard”) is a set of security standards and requirements designed to protect cardholder data and sensitive payment card information. It protects both consumers and the payment card industry from the risk of data breaches, theft, and fraud. The PCI DSS includes a set of requirements that cover various aspects of information security, including network security, access control, data encryption, and regular security testing.

Compliance and annual re-attestation with the PCI DSS is required for all companies that accept, process, store, transmit or that could affect the security of payment card data and transactions.

D2L Course Merchant performs annual SAQ audits to provide assurance that we are appropriately compliant with the security requirements of the Payment Card Industry Data Security Standard (PCI DSS) and securely handling cardholder data and payment card transactions.

We are able to provide appropriate organizations with our most recent PCI DSS v3.2.1 Self Assessment Questionnaire (SAQ D Service Provider) as well as our Attestation of Compliance (AOC).

To request a copy of our most recent PCI compliance reports, please contact your account representative.

Course Merchant ISO/IEC 27001 Badge

ISO/IEC 27001:2013

ISO/IEC 27001:2013 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO/IEC 27002 best practice guidance. This is a widely-recognized international security standard. Certification in the standard requires us to:

  • Systematically evaluate our information security risks, taking into account the impact of company threats and vulnerabilities
  • Design and implement a comprehensive suite of information security controls and other forms of risk management to address company and architecture security risks
  • Adopt an overarching management process to ensure that the information security controls meet our information security needs on an ongoing basis

The key to the ongoing certification under this standard is the effective management of a rigorous security program. The Information Security Management System (ISMS) required under this standard defines how we perpetually manage security in a holistic, comprehensive way. The ISO/IEC 27001 certification is specifically focused on the D2L ISMS and measures how our internal processes follow the ISO standard. Certification means a third party accredited independent auditor has performed an assessment of our processes and controls and confirms they are operating in alignment with the comprehensive ISO/IEC 27001 certification standard.

Download certification for ISO/IEC 27001:2013

Course Merchant ISO/IEC 27017 Badge

ISO/IEC 27017:2015

ISO/IEC27017 gives guidelines for information security controls applicable to the provision and use of cloud services by providing:

  • additional implementation guidance for relevant controls specified in ISO/IEC 27002;
  • additional controls with implementation guidance that specifically relate to cloud services.

This Recommendation provides controls and implementation guidance for both cloud service providers and cloud service customers.

Download certification for ISO/IEC 27017:2015