Our commitment to
security and compliance

SOC 2 Type 2 is an information security framework that assesses how a company manages customer data based on Trust Services Criteria with annual audits. It focuses on cybersecurity controls for customer data over time.

ISO 27001 is a security standard that outlines requirements for an information security management system. It lists best practices and security controls related to information risk management.

360Learning is SOC 2 Type II and ISO 27001 compliant. The company participates in annual independent audits to maintain compliance.

360Learning is using Microsoft Azure as our cloud service provider. Its infrastructure, including all client data, is housed securely in their data centers, in locations non subject to the Patriot Act.

Microsoft Azure has been certified with ISO 27001, ISO 27018, SOC 1, SOC 2, SOC 3, and CSA. Their facilities have extensive measures of protection, including 24/7 surveillance, access control, and protection for environmental hazards. Our data is fully backed up once per day in a separate facility to ensure business continuity and disaster recovery.

Our infrastructure is protected and under surveillance at all levels, 24/7. Access is controlled via port scanning and IP filtering, data transfer is secured via forced HTTPs and encryption (AES-256). Our fleet is protected with EDR / XDR to identify and block malicious activity.
We also commission an external security audit twice a year and permit our clients to audit our platform.

360Learning’s internal security team brings several decades of security expertise. All 360Learning employees complete regular security training to detect phishing and other malicious activities.

Our Orca infrastructure security score exceeds the average by 15%. 

Our Ethics, Social and Environmental Responsibility Charter describes how 360Learning and all 360Learners conduct business, and outlines the fundamental values we share as a group, wherever we operate in the world. Find our CSR charter here.

Any concerns? Speak up! 360Learning has set up an Ethics hotline to report any conduct or situation that does not comply with the Charter or with applicable laws and regulations.

The procedure is available to anyone who wishes to make an alert.

Our 360Learning Procurement Policy outlines the principles and standards we expect from ourselves and our partners, driving ethical sourcing, minimizing environmental impact, and promoting fair labor practices. 

In conjunction with this, our Supplier Code of Conduct clearly sets out the mandatory requirements all our suppliers must adhere to in regard to human rights, labor standards, environmental protection, and anti-corruption.

At 360Learning, our commitment to privacy and security extends directly to the development of our artificial intelligence functionalities. We believe AI must be developed responsibly, with a strong focus on transparency, security, and ethics. To ensure this, we have verified our alignment with the EU AI Act. Our features are designed to enhance learning without infringing on fundamental rights.

We follow strict internal guidelines for product development to make sure we're aligned with the changing landscape when it comes to AI and legislation.

You can find more information on the implementation of AI Features in our products here.

Our organization and our platform regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards.

In line with our commitment to transparency and the EU Data Act, we ensure that our customers maintain full sovereignty over their data. We provide data portability and clear access to generated data, ensuring you remain in control of your information at all times.

Customers are invited to review our privacy documentation and can reach our Data Protection Officer (DPO) for further questions at data-protection@360learning.com.

We operate in accordance with all US federal and state regulations. We believe in doing business the right way, ensuring that the services we deliver are provided ethically and in full compliance with applicable law. This includes the the CCPA/CPRA. We do not sell your personal information, and we provide clear transparency and control over how your data is used.

Integrity and transparency are at the heart of our operations. In compliance with statutory requirements, we have published our 2024 Modern Slavery Act Statement, detailing the steps we take to prevent forced labor in our global supply chain.

We are fully compliant with the UK GDPR and the Data Protection Act 2018. For international data transfers, we utilize the ICO International Data Transfer Addendum in conjunction with the EU Standard Contractual Clauses (SCCs). This ensures that all data transferred from the UK to third countries is subject to the same standards of protection.

For customers registered in Germany, we have compiled a dedicated section of Frequently Asked Questions (FAQ) to address specific regional inquiries. This resource provides detailed information regarding local account management, compliance standards, and service features tailored to our German users. We encourage you to review these details to ensure a seamless experience with our platform.

Under the European Digital Services Act of October 19, 2022 (“DSA”), 360Learning, qualifies as a service intermediary offering hosting services.

360Learning implements the necessary measures to comply with its obligations under the DSA. The rules governing the use of the 360Learning platform, the procedure for handling reports of illegal content and the platform's moderation policy are available in the Technical Documentation.

In accordance with its obligations under the DSA, 360Learning has designated data-protection@360learning.com as its single point of contact for all communications relating to DSA compliance.