Maintaining the security, confidentiality, privacy, integrity, and availability of your data is critical to our team. As part of our ongoing commitment to putting our members and learners first, Parchment has built robust and transparent information security and compliance programs.
We are deeply committed to learner and member privacy and embrace privacy by design in everything we do. Transparency builds trust, and we strongly believe in informing all of our users about their Privacy Rights and Terms of Use. If you have any questions or concerns regarding Privacy, please contact Privacy@parchment.com
GDPR and CCPA
Parchment handles personal information with compliance in mind. Our platform is General Data Protection Regulation (GDPR) compliant and meets the California Consumer Privacy Act (CCPA) standards. Please reference Parchment’s Privacy Policy, Data Protection Addendum, and designated Suprocessors. If you wish to exercise any Privacy rights, please contact us at Privacy@parchment.com
Availability & Reliancy
Parchment systems are hosted on Amazon Web Services (SOC 1, SOC 2, and SOC 3 certified) deployed across multiple availability zones. Providing our members and learner communities with trusted Uptime and Reliability.
Vulnerability Management
A formal Vulnerability Management Program to proactively identify and remediate technical vulnerabilities in its systems, applications and services. Please contact us through our Responsible Disclosure page to report any suspected vulnerabilities.
Network & Transmission Protection
Parchment implements appropriate technical solutions to protect the confidentiality and integrity of network communications. Baselines of network traffic and expected data flows to identify what activities that would be considered anomalous behavior. Parchment leverages AWS Security tooling that includes; GuardDuty, CloudTrail, Security Hub, & Inspector, as well as an enterprise SIEM.
Audit, Logging, & Monitoring
Parchment leverages the AWS Well-Architected framework to build secure, high-performing, resilient, and efficient infrastructure for all Parchment Products.
To ensure the effectiveness of our security measure, and detect potential security events, auditing, logging and monitoring are enabled throughout our AWS environment, and the application.
Software Development
Security is considered in the entire end-to-end process of developing software, including OWASP training, processes, code reviews, and vulnerability scanning.
Risk Management & Incident Response
Risk management is continuously in place for both internal and external sources. We take a proactive approach to performing risk assessment. Potential security risks or events are evaluated and reviewed continuously. Formal incident response plans are in place and tested.
Data Protection
Data integrity and confidentiality are obtained through extensive encryption of data, both in transit and at rest, and role based access controls.
Parchment understands the importance of vendor management and due diligence. Our Information Security team wants to assist you in providing a timely response to your security questions and assessments. Parchment has a streamlined process to complete your requests when considering partnering with us. If your Vendor Risk Management process is based on the EDUCAUSE HECVAT, we can share our pre-completed questionnaires. If your Vendor Risk Management process is based on 3rd party auditor attestations or reports, Parchment is happy to provide copies of our PCI Attestation of Compliance and/or SOC2 Type II report. Please contact your Regional Sales Representatives or Account Executive to get the process started, or submit us a ticket in our Help Center.
