IE Not suppported

Sorry, but Internet Explorer is no longer supported.

For the best experience, it's important to use a modern browser.

To view the website, please download another browser such as Google Chrome or Mozilla Firefox.

Security Certifications & Compliance

We take our responsibility to protect the confidentiality, availability and integrity of your data seriously, which is why we have the following certifications:

ISO 27001:2013


ISO® 27001 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. This is a widely-recognized international security standard. Certification in the standard requires us to:


  • Systematically evaluate our information security risks, taking into account the impact of company threats and vulnerabilities
  • Design and implement a comprehensive suite of information security controls and other forms of risk management to address company and architecture security risks
  • Adopt an overarching management process to ensure that the information security controls meet our information security needs on an ongoing basis


The key to the ongoing certification under this standard is the effective management of a rigorous security program. The Information Security Management System (ISMS) required under this standard defines how we perpetually manage security in a holistic, comprehensive way. The ISO 27001 certification is specifically focused on the D2L ISMS and measures how our internal processes follow the ISO standard. Certification means a third party accredited independent auditor has performed an assessment of our processes and controls and confirms they are operating in alignment with the comprehensive ISO 27001 certification standard.

Request Certification

ISO 27018:2014


ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.

In particular, ISO/IEC 27018:2014 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services.

Request Certification

SOC 1 Type 2 and
SOC 2 Type 2


Service Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how D2L achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the D2L controls established to support operations and compliance.

The D2L SOC Reports include four of the Trusted Services Principles: Security, Confidentiality, Processing Integrity and Availability with no exceptions in related controls. There are two types of D2L SOC Reports:

Request Reports

Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR)


As part of the Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) Self-Assessment program, D2L submitted a self-assessment report, the Consensus Assessments Initiative Questionnaire (CAIQ), that documents our compliance to CSA published best practices.

The STAR program includes a complimentary registry that documents the security controls provided by D2L to manage our cloud instances. This publicly accessible registry is designed for users of our cloud services to assess our specific security practices and assist our current and perspective customers in responding to their security questions.

The Consensus Assessments Initiative Questionnaire (CAIQ), which provides industry-accepted ways to document what security controls exist in our Software as a Service (SaaS) offering. The questionnaire (CAIQ) provides a set of over 140 questions a cloud consumer and cloud auditor may wish to ask of a cloud provider.

Copy of D2L’s CAIQ is located at:

Request Information

Please complete this required field.
Phone number must be a valid number.
Thank you for submitting this form.

You can unsubscribe at any time. Personal information may be collected, used and disclosed in accordance with our privacy policy. Please note that if you do not provide express consent, we may, in limited circumstances, continue to provide communications to you under implied consent provisions of applicable anti-spam legislation.