Data Security and Privacy

Securing the World's Most Trusted Digital Credential Network

At Credly, we believe that people should own and control their achievements.  That mission is aligned with a larger global trend of empowering individuals with control over their own data. 

Our policies and procedures operationalize our commitment to protect the security and privacy of our customers and their employees, members, learners, and users. 

We invest in best practices and compliance with industry standards and proactively seek third-party audits that validate our investment in enterprise-level security and operations. Data security experts and auditors regularly scrutinize, test, and validate the security, privacy, and operational measures we implement and maintain. 

All Credly employees are trained in data security and privacy principles. And, Credly maintains multiple ISO certifications, GDPR compliance, and other rigorous security protocols.  

Our Approach

Credly_Web-Icon_Check

Enterprise-Class Development Practices & Infrastructure

Credly_Web-Icon_Check

Certified Compliance with US and Global Privacy and Data Security Requirements

Credly_Web-Icon_Check

Policies and Procedures Regularly Reviewed against Best Practices with Staff Trained and Assessed

Credly_Web-Icon_Lock

Data Security and Privacy Practices

1px_transparent

ISO 27001

ISO-27001-logo

ISO 27001 is the highest level of global information security assurance available today, and ensures that Credly meets stringent international standards.

1px_transparent

ISO 9001

ISO-9001-logo

ISO 9001 quality management certification validates that Credly operating practices in designing software meets the highest standards of excellence. 

1px_transparent

ISO 22301

ISO-22301-logo

Credly establishes, implements, manages, and tests its business continuity plan and associated procedures consistent with the requirements of ISO 22301.

1px_transparent

GDPR Compliance

eugdpr-logo

Credly is GDPR compliant and requires its subprocessors to comply with the terms of the GDPR. Credly maintains ongoing confidentiality, integrity, and resilience of our systems that process personal data of badge earners.

1px_transparent

APEC Privacy Framework

truste-seal

Credly is certified to the APEC Privacy Framework, demonstrating that Credly’s privacy programs, policies, and practices meet the requirements for effective privacy protections in the Asia Pacific Economic Cooperation region.

1px_transparent

FERPA Compliance

ferpa-logo

Credly offers a FERPA-compliant solution that provides earners with complete control over the use of their information and access to adjust privacy settings on their credentials at any time.

1px_transparent

COPPA Compliance

coppa-logo

Credly complies with COPPA by obtaining consent through K-12 institutional customers, honoring parental requests for data deletion, and implementing appropriate data privacy and security safeguards.

1px_transparent

Penetration Testing

pivotpointsecurity-logo

Credly regularly runs penetration testing and vulnerability scans of our codebase to analyze potential vulnerabilities and remediate them.

1px_transparent

VPAT 508 Compliance

VPAT_508_Compliant-logo

Credly is VPAT-Ready to ensure that everyone can be recognized for their achievements, including those with limited capacities to see, hear, or exercise muscular control.  Download our VPAT.

1px_transparent

IMS Global Member

IMS-Global-Logo

Credly champions open standards and was the first organization to be certified to the Open Badge 2.0 Standard. Credly staff serve on the board of the IMS Global organization, which maintains the Open Badge Standard.

1px_transparent

AWS Security Infrastructure

aws-logo

Credly’s physical infrastructure is hosted and managed by Amazon Web Services (AWS), which have achieved a wide variety of security certifications and commitments.

1px_transparent

Development Practices

Credly regularly performs static and active scans of its codebase, analyzes for vulnerabilities during code review, and builds data integrity checks for both input and output into our software.