At D2L, we take security and privacy very seriously. We act as a trusted partner, putting our client’s security and data confidentiality, availability and integrity first. Following a privacy-by-design approach across the full product lifecycle, our process is globally recognized with certifications that validate how we protect sensitive learner and institutional data.
Privacy, security, resilience and standards-based assurance are built into D2L Brightspace from the start.
First Major LMS
First major LMS to achieve ISO 27001 certification.
Continuous Certification
Continuous ISO 27001 certification since 2014, reflecting more than a decade of proven security program maturity.
Partner Certification
First learning platform to offer joint partner certification with 1EdTech.
ISO Portfolio
Comprehensive ISO certification portfolio across security, cloud controls and privacy.
Privacy and security are built into D2L Brightspace from the start.
Learning platforms hold deeply personal information about learners, educators, and organizations. D2L takes a privacy-by-design approach to help protect that information across the full lifecycle of our products and services, from development and testing through operations, support and ongoing improvement.
D2L maintains a rigorous security and privacy program that is regularly assessed against recognized global standards. These certifications and assessments give customers a transparent way to evaluate how D2L manages security, privacy, cloud controls and data protection obligations.
Customers and prospects can review D2L’s available certifications and security documentation, including ISO/IEC 27701, ISO/IEC 27001, ISO/IEC 27018, ISO/IEC 27017, SOC reports, CSA STAR, TX-RAMP, and Internet2 Cloud Scorecard resources here.
For more information on D2L’s compliance with data privacy laws, including the GDPR and CCPA, please see resources here.
D2L uses layered technical, administrative and operational safeguards to protect D2L Brightspace and the data entrusted to us. These include secure connections using TLS, unique user sessions, logging of transactions and originating IP addresses, configurable session timeouts, password policies, delegated authentication support, secure logical separation of customer data and customer-controlled access settings.
These safeguards help organizations manage access, reduce unnecessary exposure and support their own privacy and security obligations.
Protecting learning means more than protecting records. It also means helping organizations maintain access to the systems learners, educators and administrators rely on every day. D2L Brightspace is designed with redundancy, scalability and disaster recovery capabilities to support service continuity and recovery.
D2L stores customer data in secure data centers and replicates it over secure links to a disaster recovery data center, helping support restoration of the D2L Brightspace service should the need arise.
Secure, resilient infrastructure that supports reliable access.
Layered safeguards that manage access and reduce exposure.
Recognized standards that help customers evaluate trust.
Built-in safeguards for Brightspace and customer data.
D2L uses layered privacy and security safeguards across D2L Brightspace, including secure connections, session controls, logging, configurable access settings, logical data separation, employee training, security testing, and independent third-party audits. D2L also maintains certifications and assessments across recognized privacy, security, and cloud control standards.
D2L maintains certifications and assessments including ISO/IEC 27701, ISO/IEC 27001, ISO/IEC 27018, ISO/IEC 27017, SOC reports, CSA STAR, TX-RAMP, and Internet2 Cloud Scorecard resources. These help customers evaluate D2L’s controls and security practices using recognized frameworks.
For enterprise D2L Brightspace users, the customer organization typically acts as the controller of personal information, and D2L acts as a processor. D2L processes personal information under the controller’s instructions and for the controller’s purposes, while providing configurable privacy and security features to help customers manage access and protect data.
D2L Brightspace is designed with redundancy, scalability, and disaster recovery capabilities. Customer data is stored in secure data centers and replicated over secure links to a disaster recovery data center to help support service restoration in the event of a catastrophic event.
Please send the information to [email protected].
