Certifications Overview

CoGuide maintains the highest standards of security, privacy, and compliance through various certifications and adherence to industry standards. This comprehensive list outlines all certifications needed and maintained for educational technology platforms.
Continuous Compliance: CoGuide undergoes regular audits and maintains active certifications to ensure the highest standards of data protection and security.

Security Certifications

SOC 2 Type II

Service Organization Control 2 Type II

Security

Information Security
  • Access controls and authentication
  • System monitoring and logging
  • Incident response procedures
  • Data encryption and protection

Availability

System Availability
  • System uptime and reliability
  • Disaster recovery procedures
  • Business continuity planning
  • Performance monitoring

Requirements:
  • Annual third-party audits
  • Continuous monitoring of security controls
  • Regular risk assessments
  • Incident response testing
  • Staff security training

ISO 27001

Information Security Management System
  1. Information Security Policy: Establish and maintain information security policies and procedures.
  2. Risk Assessment: Conduct regular risk assessments and implement appropriate controls.
  3. Security Controls: Implement comprehensive security controls across all systems.
  4. Continuous Improvement: Regularly review and improve the security management system.

Requirements:
  • Information security management system
  • Risk management framework
  • Security control implementation
  • Regular internal audits
  • Management review and improvement

ISO 27017

Cloud Security Controls
  • Cloud-specific controls: Security controls specific to cloud computing
  • Data protection: Enhanced data protection in cloud environments
  • Access management: Cloud-specific access control measures
  • Incident response: Cloud security incident response procedures
  • Service agreements: Clear security requirements in service agreements
  • Monitoring: Continuous monitoring of cloud services
  • Compliance: Regular compliance assessments
  • Transparency: Clear communication about security practices

ISO 27018

Cloud Privacy Controls

Personal Data Protection

Privacy in Cloud
  • Personal data protection in cloud
  • Data subject rights
  • Consent management
  • Data minimization

Transparency

Clear Communication
  • Clear privacy policies
  • Data processing transparency
  • Regular privacy updates
  • User communication

Educational Compliance

FERPA Compliance

Family Educational Rights and Privacy Act
  1. No PII Collection: Ensure no personally identifiable information is collected from students.
  2. Educational Purpose: Use data only for legitimate educational purposes.
  3. School Control: Ensure schools maintain complete control over student data.
  4. Parental Rights: Respect all parental rights under FERPA.

Requirements:
  • Annual FERPA compliance training
  • Regular policy reviews
  • Legal compliance monitoring
  • Documentation of compliance measures
  • Incident response procedures

COPPA Compliance

Children’s Online Privacy Protection Act
  • School-controlled data: All data collection controlled by schools
  • No personal information: No collection of personal information from children
  • Educational purpose: Data collection serves educational purposes only
  • Parental consent: Schools obtain necessary parental consent
  • Data minimization: Collect only necessary data
  • Security measures: Strong security measures for children’s data
  • No commercial use: No commercial use of children’s data
  • Transparency: Clear communication about data practices

State Privacy Laws Compliance

California Student Privacy Rights Act (CalSPRA)

  • Strong privacy protections: Enhanced privacy protections for student data
  • No commercial use: Prohibition on commercial use of student data
  • Data minimization: Collection of only necessary data
  • Parental rights: Strong parental rights regarding student data

New York Education Law Section 2-d

  • Data security: Strong data security measures
  • Privacy protection: Comprehensive privacy protection
  • Parental rights: Respect for parental rights
  • School policies: Compliance with school data policies

Illinois Student Online Personal Protection Act (SOPPA)

  • Data transparency: Clear data collection and use practices
  • Parental control: Strong parental control over student data
  • No commercial use: No commercial use of student data
  • Regular updates: Regular updates to privacy practices

International Compliance

GDPR Compliance

General Data Protection Regulation (EU)

Data Protection Principles

Core Principles
  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy and storage limitation

Individual Rights

Data Subject Rights
  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to data portability

Requirements:
  • Data Protection Impact Assessments (DPIA)
  • Data Protection Officer (DPO) appointment
  • Privacy by design implementation
  • Regular compliance audits
  • Breach notification procedures

PIPEDA Compliance

Personal Information Protection and Electronic Documents Act (Canada)
  1. Consent Management: Obtain appropriate consent for data collection and use.
  2. Purpose Limitation: Use personal information only for stated purposes.
  3. Data Security: Implement appropriate security measures.
  4. Individual Access: Provide individuals access to their personal information.

Technical Certifications

Cloud Security Alliance (CSA) STAR

Security, Trust & Assurance Registry
  • Comprehensive security: Implementation of comprehensive security controls
  • Risk management: Effective risk management practices
  • Incident response: Robust incident response procedures
  • Continuous monitoring: Continuous security monitoring
  • Public disclosure: Public disclosure of security practices
  • Regular updates: Regular updates to security information
  • Third-party validation: Third-party validation of security controls
  • Industry standards: Adherence to industry security standards

FedRAMP Authorization

Federal Risk and Authorization Management Program

Government Standards

Federal Compliance
  • NIST security controls
  • Government security requirements
  • Federal data handling
  • Security assessment procedures

Continuous Monitoring

Ongoing Compliance
  • Continuous monitoring
  • Regular assessments
  • Incident reporting
  • Security updates

Industry Standards

NIST Cybersecurity Framework

National Institute of Standards and Technology
  1. Identify: Identify and manage cybersecurity risks.
  2. Protect: Implement safeguards to protect critical infrastructure.
  3. Detect: Implement activities to identify cybersecurity events.
  4. Respond: Implement activities to respond to cybersecurity incidents.
  5. Recover: Implement activities to restore capabilities after incidents.

CIS Controls

Center for Internet Security Controls
  • Inventory and control: Inventory and control of hardware assets
  • Software inventory: Inventory and control of software assets
  • Vulnerability management: Continuous vulnerability management
  • Access control: Controlled use of administrative privileges
  • Secure configuration: Secure configuration for hardware and software
  • Account management: Account management and control
  • Network security: Network security and monitoring
  • Data recovery: Data recovery capabilities

Privacy Certifications

Privacy Shield (Historical)

EU-US Privacy Shield Framework
Note: Privacy Shield was invalidated by the Court of Justice of the European Union in 2020. CoGuide uses alternative mechanisms for EU data transfers.

Standard Contractual Clauses (SCCs)

EU Standard Contractual Clauses for Data Transfers

Data Transfer Protection

International Transfers
  • Adequate protection for EU data
  • Standard contractual clauses
  • Data subject rights protection
  • Regulatory oversight

Compliance Monitoring

Ongoing Compliance
  • Regular compliance assessments
  • Legal requirement updates
  • Data protection impact assessments
  • Third-party audits

Healthcare Compliance (If Applicable)

HIPAA Compliance

Health Insurance Portability and Accountability Act
  1. Administrative Safeguards: Implement administrative safeguards for protected health information.
  2. Physical Safeguards: Implement physical safeguards for protected health information.
  3. Technical Safeguards: Implement technical safeguards for protected health information.
  4. Business Associate Agreements: Establish business associate agreements with third parties.

Financial Compliance

PCI DSS Compliance

Payment Card Industry Data Security Standard
  • Build and maintain: Secure networks and systems
  • Protect cardholder data: Protect stored cardholder data
  • Vulnerability management: Maintain vulnerability management programs
  • Access control: Implement strong access control measures
  • Regular monitoring: Regularly monitor and test networks
  • Information security policy: Maintain information security policy
  • Regular testing: Regular security testing and monitoring
  • Incident response: Incident response procedures

Ongoing Compliance Requirements

Regular Audits

  • Annual security audits: Third-party security audits
  • Compliance assessments: Regular compliance assessments
  • Penetration testing: Regular penetration testing
  • Vulnerability assessments: Regular vulnerability assessments

Training and Awareness

  • Staff training: Regular security and privacy training
  • Awareness programs: Security awareness programs
  • Incident response training: Incident response training
  • Compliance training: Regular compliance training

Documentation and Reporting

  • Policy documentation: Comprehensive policy documentation
  • Compliance reporting: Regular compliance reporting
  • Incident documentation: Incident documentation and reporting
  • Audit documentation: Audit documentation and findings

Certification Maintenance

Continuous Monitoring

  • 24/7 monitoring: Continuous security monitoring
  • Threat detection: Real-time threat detection
  • Incident response: Rapid incident response
  • Security updates: Regular security updates

Regular Reviews

  • Quarterly reviews: Quarterly security and compliance reviews
  • Annual assessments: Annual comprehensive assessments
  • Policy updates: Regular policy updates
  • Training updates: Regular training updates

Next Steps

Learn more about CoGuide’s compliance and security: