Standards, Regulations & Certifications

To help you with compliance and reporting, we share information, best practices, and easy access to documentation. Our organization and our platform regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards to earn your trust. We’re constantly working to expand our coverage.

Docebo's commitment to information security and data protection is paramount

Docebo maintains an information security management system (ISMS) and, within this framework, has defined a comprehensive information security program, including a full set of controls implemented in accordance with ISO 27001 and AICPA SOC 2 and managed by a dedicated security team. Docebo LMS is developed, maintained and operated through a Software Development Life Cycle (SDLC) and a Change Management process that include the security-by-design principle and the highest security and quality standards.

ISO 9001

ISO 9001 outlines a process-oriented approach to documenting and reviewing the structure, responsibilities, and procedures required to achieve effective quality management within an organization.

The key to ongoing certification under this standard is establishing, maintaining and improving the organizational structure, responsibilities, procedures, processes, and resources so that Docebo products and services consistently satisfy ISO 9001 quality requirements.

We can provide the following ISO 9001 documentation:

  • Certificate

Click here to request the documentation

ISO 27001

Managing information risks.

The ISO/IEC 27000 family of standards helps organizations keep information assets secure. ISO/IEC 27001 is a security standard that outlines and provides the requirements for an information security management system (ISMS). It specifies a set of best practices and details a list of security controls concerning the management of information risks.

The 27001 framework and checklist of controls allow Docebo to ensure a comprehensive and continually improving model for security management.

We can provide you with the following ISO 27001 documentation:

  • Certificate
  • Statement of Applicability (under NDA)
  • Last third-party annual surveillance audit report (under NDA)

Click here to request the documentation

SOC 2

SOC 2 is a report based on AICPA’s existing Trust Services principles and criteria. The purpose of the SOC 2 report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, and confidentiality or privacy. Docebo undergoes a regular third-party audit to certify individual products against this standard. Docebo has completed a SOC 2 Type 1 audit for the Docebo Learning Management System and is in the process of undergoing a SOC 2 Type 2 audit.

We can provide you with the following SOC documentation:

  • Current SOC 2 report (under NDA)

Click here to request the documentation

GDPR and Privacy

Many of Docebo LMS Platform’s business customers operate in Europe or have European citizens as users of our platform and need to comply with the European Union’s General Data Protection Regulation (GDPR). The GDPR specifies a number of requirements companies must meet around protecting personal data.

Docebo is fully compliant with GDPR across Docebo LMS services.

Customers can request to inspect and accept our Data Processing Addendum.

Docebo is certified under both the EU-U.S. and Swiss-U.S. Privacy Shield frameworks and our certifications can be viewed on the Privacy Shield list.