Skip to main content
Information Security

InfoSec Governance at Socrative.

Kenny Dickie avatar
Written by Kenny Dickie
Updated over 3 months ago

Security & Privacy Training

Socrative enforces annual security and privacy training for all employees. The training content is reviewed and updated annually to respond to changing needs and industry challenges.

Employee Access and Security

We regard your data as private and confidential. Our production environment is completely separate from our other environments — including development and QA. AWS provides sophisticated Identity Access Management (IAM) to control access to its resources. Individually identifiable RSA key pairs are used for SSH access and root login is disabled. This ensures an audit trail of actions performed and the originator of those actions. All critical systems require 2-factor authentication where available.

Socrative employees are granted access to systems and data based on their role in the company or on an as-needed basis. Access is granted using the principle of least privilege.

Access to customer data by Socrative employees is only used to assist with support and to resolve customer issues. For such cases, we will get your explicit consent each time. Violation of this policy is a serious matter requiring investigation and appropriate disciplinary action up to and including termination as well as legal action.

When working on a support issue we do our best to respect your privacy as much as possible and only access the minimum data needed to resolve your issue.

Access attempts to our hosting platform and administrative systems are logged and monitored. Socrative systems have automated alerting systems that notify us of abnormal activity.

Communication Security

All communications at Socrative are secure using the latest TLS encryption (1.2 and 1.3). Communication with Socrative cannot be viewed by a third party and is the same level of encryption used by banks and financial institutions.

Did this answer your question?