What Data Privacy and Security Practices are Followed?

What Data Privacy and Security Practices are Followed?

Data Privacy

Veracity adheres to the EU-U.S. Data Privacy Framework to help satisfy General Data Protection Regulation (GDPR) requirements and maintain an annual certification. Please review our online privacy policy for more information about what is covered, what information we collect, and your rights to access and transfer your personal data. You can also view our certification for the Privacy Shield Principles and Program.  

Information Security Practices

Veracity offers our LRS in an approved FEDRAMP environment and has been granted an Authority to Operate (ATO) in several other DoD environments. The Veracity team has several staff members that maintain a CompTIA Security+ certification and follow a Written Information Security Program (WISP). We also employ third-party annual vulnerability penetration testing.

Security and compliance are a shared responsibility between Veracity and the cloud service providers used for Veracity Learning. AWS manages the security of the cloud, MongoDB Atlas manages the security of the database, and Veracity manages Veracity Learning’s application security. The AWS cloud infrastructure that hosts the Veracity Learning SaaS product and the MongoDB Atlas cloud infrastructure that hosts the databases both conform with many security frameworks. 

To protect against unforeseen service outages, data that is lost or stolen, and other potential security incidents, Veracity carries both Errors & Omissions and Cyber Liability insurance. The E&O coverage applies to professional services, and the Cyber Liability coverage applies to a wrongful act or data breach occurring under a data privacy or network security incident.

Veracity can offer security artifacts to customers upon request.