What Data Privacy and Security Practices are Followed?

What Data Privacy and Security Practices are Followed?

Data Privacy

Veracity adheres to the EU-U.S. Privacy Shield Framework to help satisfy GDPR requirements and maintain an annual certification. Please review our online privacy policy (https://veracity.it/privacy-policy) for more information about what is covered, what information we collect, and your rights to access and transfer your personal data. You can view our certification for the Privacy Shield Principles and Program here: https://www.privacyshield.gov/participant?id=a2zt0000000XeyrAAC&status=Active.  

Information Security Practices

The LRS is currently available in an approved FEDRAMP environment and has been granted an Authority to Operate (ATO) in several other DoD environments. The Veracity team has several staff members that maintain a Security+ certification and follow a Written Information Security Program (WISP). We also employ 3rd party annual vulnerability pen testing.

Security and compliance is a shared responsibility between Veracity and the cloud service providers used for Veracity Learning. AWS manages the security of the cloud, MongoDB Atlas manages the security of the database, and Veracity manages Veracity Learning’s application security. The AWS cloud infrastructure that hosts the Veracity Learning SaaS product and the MongoDB Atlas cloud infrastructure that hosts the databases are both conformant with many security frameworks. 

In order to protect against unforeseen service outages, data that is lost or stolen, and other potential security incidents, Veracity carries Errors & Omissions and Cyber Liability insurance. The E&O coverage applies to professional services and the Cyber Liability applies to a wrongful act or data breach occurring under a data privacy or network security incident.

Veracity’s security artifacts can be provided to customers upon request.


    • Related Articles

    • What are Different Ways xAPI Data Flows from an LMS to an LRS?

      Client Side This is the most common case. The content package sends xAPI data directly to the LRS. The content package includes hard-coded credentials to connect to the LRS. Data is also exchanged between the content and the LMS. The content package ...

    • What Are the Reasons to Use More Than One LRS Instance?

      The Veracity Learning system features a multi-tenancy architecture, which allows users to create more than one LRS database instance. Users can create up to a certain number of separate LRS tenants depending on their plan and account tier. For more ...

    • What are xAPI Extensions and How Do I Use Them in My xAPI Statements?

      Best Practices for xAPI Extensions Activity, Context, and Result Extensions in xAPI Statements Do you need to know when and how to best use Activity, Context or Result Extensions in your xAPI Statements? This is a common challenge and a frequently ...

    • Why Doesn’t My Duration Chart Work?

      Use meta.duration, Not result.duration If you’re trying to build a chart with duration as the metric and it’s not working, then the reason is probably that you’re trying to get values from result.duration. Use meta.duration instead. Statements encode ...

    • What Types of Charts Can I Make in the LRS?

      In general, you can make charts in a custom dashboard using two methods: using our Chart Builder, or by programming our Veracity Query Language (VQL). Chart Builder Charts The Chart Builder and similar form-based wizards in the Veracity Learning LRS ...