Instructure Trust Center
Enterprise Security
Instructure has implemented a robust enterprise information security program that operates on a continuous PDCA (Plan-Do-Check-Act) cycle. This program is designed based on the guidance outlined in ISO/IEC 27000:2018 and incorporates the controls specified in ISO/IEC 27001:2013
Enterprise Security
At Instructure, we prioritize safety and security in our workforce.
As part of our rigorous hiring process, we conduct comprehensive criminal background checks on all employees and contractors. The results of these checks play a crucial role in determining employment eligibility.
Instructure recognizes that people are our first line of defense.
This begins by creating foundational awareness, which all Instructure recognizes that people are our first line of defense. This begins by creating foundational awareness which all Instructure personnel are required to complete Instructure's Compliance, Privacy, and Security Awareness Training upon hire as per our employment terms and conditions, and annually thereafter. The content of this training includes all relevant areas of security (online, mobile, physical, MFA etc.), privacy, and compliance requirements for each employee - including our policies. Furthermore, Instructure conducts continuous awareness campaigns to ensure employees are informed of our constantly changing threat landscape and that they are equipped and empowered to identify and report security risks.
Information Technology
Instructure maintains both a Network Security Policy and an IT Acceptable Use Policy, which outline procedures, processes and policies for all endpoints on both production and corporate networks. These policies are evaluated against both SOC2 and ISO 27001 standards. Company and employee devices are secure, encrypted, tracked, and have mandatory MFA applied.
Get the Support You Need