D2L Course Merchant Compliance Information
PCI Compliance – Keeping your payment data secure
The PCI DSS (or “Payment Card Industry Data Security Standard”) is a set of security standards and requirements designed to protect cardholder data and sensitive payment card information. It protects both consumers and the payment card industry from the risk of data breaches, theft, and fraud. The PCI DSS includes a set of requirements that cover various aspects of information security, including network security, access control, data encryption, and regular security testing.
Compliance with the PCI DSS, including annual re-attestation, is required for all companies that accept, process, store or transmit payment card data, or that could otherwise affect the security of payment card data and transactions.
D2L Course Merchant acknowledges its responsibility to maintain PCI DSS compliance and to provide assurance that cardholder data and payment card transactions are handled in accordance with the security requirements of the PCI DSS. As such, we perform annual SAQ (Self-Assessment Questionnaire) assessments as required by the reporting and validation requirements issued by the payment brands.
We are able to provide appropriate organizations with our most recent PCI DSS v4.0 Attestation of Compliance (AOC). To request a copy of our most recent PCI compliance documentation, please contact your account representative.
ISO/IEC 27001:2022
ISO/IEC 27001:2022 is a widely recognized international security management standard that specifies security management best practices and a comprehensive set of security controls, following the ISO/IEC 27002 best practice guidance. Certification against the standard requires us to:
- Systematically evaluate our information security risks, taking into account the impact of threats and vulnerabilities affecting the company
- Design and implement a comprehensive suite of information security controls and other forms of risk management to address company and architecture security risks
- Adopt an overarching management process to ensure that the information security controls meet our information security needs on an ongoing basis
The key to ongoing certification under this standard is the effective management of a rigorous security program. The Information Security Management System (ISMS) required under this standard defines how we perpetually manage security in a holistic, comprehensive way. The ISO/IEC 27001 certification is specifically focused on the D2L ISMS and measures how our internal processes follow the ISO standard. Certification means that an accredited, independent third-party auditor has assessed our processes and controls and confirmed that they operate in alignment with the comprehensive ISO/IEC 27001 certification standard.
ISO/IEC 27017:2015
ISO/IEC 27017 gives guidelines for information security controls applicable to the provision and use of cloud services by providing:
- additional implementation guidance for relevant controls specified in ISO/IEC 27002;
- additional controls with implementation guidance that specifically relate to cloud services.
The standard provides controls and implementation guidance for both cloud service providers and cloud service customers.