Our Commitment to Security

Last Updated: 2023/09/28

We practice what we preach:

Studypages uses enterprise-grade security and regular audits to ensure you’re always protected. We undergo regular penetration testing and security reviews designed to be HIPAA and SOC 2 compliant.

Application Security

  • Data is encrypted in transit with TLS 1.2. Data is encrypted at rest with AES.
  • Independent third-party penetration, threat, and vulnerability testing.
  • User access controls with single sign on and MFA.

Our policies are based on the following foundational principles

  • Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.
  •  Security controls should be implemented and layered according to the principle of defense-in-depth.
  • Security controls should be applied consistently across all areas of the enterprise.
  • The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.

Continuous Security Commitment

  • Penetration Testing

We perform an independent third-party penetration test at least annually to ensure that the security posture of our services is uncompromised.

  •  Security Awareness Training

Our team members are required to go through employee security awareness training covering industry standard practices and information security topics such as phishing and password management.

  • Third-Party Audits

Our organization undergoes independent third-party assessments to test our security controls.

  • Roles and Responsibilities

Roles and responsibilities related to our information security program and the protection of our customer’s data are well-defined and documented.

  • Information Security Program

We have an information security program in place that is communicated throughout the organization. Our information security program follows the criteria set forth by SOC 2 and HIPAA.

  • Continuous Monitoring

We continuously monitor our security and compliance status to ensure there are no lapses.

Data privacy

At Studypages, data privacy is a first-class priority—we strive to be trustworthy stewards of all sensitive data.

  • Privacy Shield

Studypages maintains an active Privacy Shield Membership

  •  Regulatory compliance

Studypages evaluates updates to regulatory and emerging frameworks continuously to evolve our program.