Data Security and Privacy at Ellucian
As a software company, data security and privacy are of utmost importance. Improper use of or access to data can result in negative consequences for our employees, customers, partners, and communities, and lead to a loss in revenue, trust, and privacy.
Our information security program is modeled after and certified to the ISO27001:2013 Information Security Management System framework. The ISO certification demonstrates Ellucian’s commitment to security across its products and cloud services and demonstrates the effectiveness of our security controls. We are also compliant with several international industry security standards and regulations for cloud platform solutions.
Each year, an independent audit firm conducts our annual Service Organization Control (SOC) audits. The SOC1 and SOC2 Type II reports are available to customers for review upon request and execution of a non-disclosure agreement. The SOC3 report is publicly available on our website.
Rigorous testing is critical before our software is released to the market. Ellucian partners with third-party vendors annually to perform penetration testing to assess the security of our cloud solutions environments and applications. We conduct ongoing crowdsourced testing through a private bug bounty program where our products are continuously tested by expert ethical hackers and managed by HackerOne.
Our Responsible Disclosure Policy values and honors the assistance of security researchers and others in the security community in keeping our systems secure. We thank those who have helped so far by honoring them on our Security Researcher Hall of Fame. Ellucian has a detailed incident response plan in place in the event of a security incident, and 24/7 monitoring for its security systems and alerts. Our incident response protocols align with the U.S. Computer Emergency Readiness Team (US CERT) and the National Institute of Standards and Technology (NIST).
We also offer thought leadership through the Ellucian blog to guide our customers on best practices and the latest updates in data security and privacy. Blog posts published focus on topics including steps for conducting a risk assessment and how our customers can protect information on mobile devices.
Ellucian is dedicated to fostering an inclusive culture that celebrates differences, attracts diverse talent, and inspires an open environment in which all employees can do their best work. Throughout the year, we seek and share opportunities to cultivate equity both internally and externally.
To learn more about our key information security practices, please read our cloud security paper and visit our website, which goes into greater detail about all our data security and privacy initiatives.
The 2022 Ellucian Impact Report shares our commitment to supporting student success, building an inclusive culture, reducing our impact on the environment, and making a positive difference across critical issues important to our company and communities.
Read more stories about how Ellucian is making a difference in the full Impact Report.