Security Overview

At D2L, we have always taken security very seriously. Our approach puts our client’s security first. Our process works, demonstrated by a track record of delivering reliable security to all of our clients.

Physical Security

D2L hosted services are hosted in tier 3 or greater data centers giving clients best in class services. Our hosting providers undergo SSAE16 audits and maintain PCI Service Provider Level 1 compliance. Additionally, our own ISO 27001:2013 certification covers the security controls for the operations within our data centers.

Find out more about our secure data centers >
Read about D2L’s security certifications >

Security Monitoring

D2L uses an industry leading Security Information and Event Management (SIEM) solution to collect, aggregate and correlate millions of system events a day across D2L’s infrastructure to provide monitoring teams with real time insight into potential security events.

Find out more about our security best practices >
Learn about our security policies >

LMS Security in the Brightspace Platform

Access & Authentication

The Brightspace platform supports Single Sign On (SSO) and integration with various authentication solutions including Active Directory, LDAP, Kerberos, CAS and SAML/Shibboleth.

Secure Transmission

Client connection to the Brightspace platform is via TLS cryptographic protocols with RSA encryption, so client data is transferred securely.

Application Security

Code for the Brightspace application is developed and tested following principles set out in the Open Web Application Security Project (OWASP) Top Ten framework to help ensure Brightspace is a secure platform.

Backup and Recovery

System and client data are backed up on a regular basis using asynchronous encrypted data transfer to offsite storage to ensure that client services can be restored quickly in the event of a disaster.

Found a bug? Please send the information to incident@d2l.com