Standards, Regulations & Certifications
To help you with compliance and reporting, we share information, best practices, and easy access to documentation. Our organization and our platform regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards to earn your trust. We’re constantly working to expand our coverage.
Docebo commitment to information security and data protection is paramount
Docebo maintains an information security management system (ISMS) and within this framework, has defined a comprehensive information security program including a full set of controls implemented in accordance with ISO 27001 and AICPA/ISAE 3000 SOC 2 managed by a dedicated security team. Docebo LMS is developed, maintained and operated through a Software Development Life Cycle (SDLC) and a Change Management process including the security by design principle and the highest security and quality standards.
ISO 9001 outlines a process-oriented approach to documenting and reviewing the structure, responsibilities, and procedures required to achieve effective quality management within an organization.
The key to the ongoing certification under this standard is establishing, maintaining and improving the organizational structure, responsibilities, procedures, processes, and resources in a manner where Docebo products and services consistently satisfy ISO 9001 quality requirements.
We can provide the following ISO 9001 documentation:
Managing information risks.
The ISO/IEC 27000 family of standards helps organizations keep information assets secure. ISO/IEC 27001 is a security standard that outlines and provides the requirements for an information security management system (ISMS). It specifies a set of best practices and details a list of security controls concerning the management of information risks.
The 27001 framework and checklist of controls allows Docebo to ensure a comprehensive and continually improving model for security management.
We can provide you the following ISO 27001 documentation:
- Statement Of Applicability (under NDA)
- Last third party annual surveillance audit report (under NDA)
SOC 2 & SOC 3
SOC 2 is a report based on AICPA’s existing Trust Services principles and criteria. The purpose of the SOC 2 report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, and confidentiality or privacy. Docebo undergoes a regular third-party audit to certify individual products against this standard, and annually releases a SOC 2 Type II report for The Docebo Learning Management System
The SOC 3 Report , just like SOC 2, is based upon the same Trust Service Principles considered for the SOC 2, but provide less details and can be freely distributed for general use.
We can provide you the following SOC documentation:
- Current SOC 2 report (under NDA)
- Current SOC 3 report
GDPR and PRIVACY
Many of Docebo LMS Platform’s business customers operate in Europe or have european citizens as user of our platform and need to comply with the European Union’s General Data Protection Regulation (GDPR). The GDPR specifies a number of requirements companies must meet around protecting personal data.
Docebo is fully compliant with GDPR across Docebo LMS services.
Customers can review and Sign our Data Processing Agreement.
Docebo is certified under both the EU-U.S. and Swiss-U.S. Privacy Shield frameworks and our certifications can be viewed on the Privacy Shield list.
Docebo has promptly addressed the decision of the Court of Justice of the European Union to invalidate the use the EU-US Privacy Shield as a valid means of transferring personal data from the EU to the US and is following the evolution in order to stay up to date with the most recent developments and providing our customers with responses that reflect them.
For further details please refer to this link