Moodle US is proud to announce that we have achieved SOC 2 Type 2 and SOC 3 compliance. To achieve this critical third-party assessment, we underwent a rigorous independent audit by ByteChek Assurance to ensure that our security protocols and use of data meet strict data security requirements. Achieving SOC 2 Type 2 and SOC 3 for public availability has been an opportunity to put our security practices to the test, and demonstrate that we are meeting the highest standards.

SOC 2 is a voluntary reporting framework for service organizations developed by the American Institute of CPAs (AICPA). It specifies how organizations should manage customer data based on the following Trust Services Criteria: security, availability, and confidentiality.

Like SOC 2, the SOC 3 report has been developed based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) Trust Service Criteria (TSC). The SOC 3 is a public report of internal controls over security, availability, and confidentiality.

Moodle US successfully completed an initial SOC 2 Type I audit in March of 2022 and then continued the testing process over the following months, receiving Type 2 compliance in August of 2022. Moodle US recognizes security as a critical component of modern business operations and SOC 3 ensures that we can make our commitment known to our customers. 

In addition to our security commitment in our delivery of services, the development practices of the Moodle platforms also include security by design. Moodle’s world-leading privacy and security features ensure student privacy, compliance, and control over infrastructure and data, no matter the size of your organization.