Degreed Trust Center
Your data’s security matters. Learn about how Degreed protects your data, our security practices, and how we stay compliant with regulations.
See Security and Compliance Documentation
Compliance
SOC 2 Type 2
TISAX
GDPR
Data Privacy Framework (DPF)
Resources
The latest security and compliance resources and reports
Degreed Privacy Policy
Degreed Data Privacy, Protection and Information Security Policies Overview
Degreed Service Level Agreement
SOC 2 Type II Report
Web Application Penetration Test Report
Mobile Applications Penetration Test Report
Degreed DAST Scan Report (Full Scan)
Degreed full, authenticated, Dynamic Application Security Test report.
Degreed DAST Network Scan Report
Degreed Dynamic Application Security Test report for network scan.
Disaster Recovery (DR) Test
Business Continuity Plan (BCP) Test
Monitoring
Continuously monitored by Secureframe
Security Rating
At our organization, we prioritize security and transparency. Our Security Scorecard Rating provides insight into our commitment to maintaining a secure environment.
View Degreed Rating
FAQs
Frequently asked questions about security and privacy
How does Degreed handle risk assessment?
Degreed's security team performs formal risk assessments following its Risk Assessment and Treatment Policy and maintains a risk register of all findings in Jira.
How does Degreed manage vulnerabilities?
Degreed manages vulnerabilities through its Vulnerability Management Policy, annual third-party penetration tests, and SAST and DAST scanners, and tracks high-risk findings to resolution in its Jira ticketing system.
What does Degreed's Incident Response Plan cover?
The plan involves procedures for identifying, prioritizing, communicating, tracking, and resolving security incidents and includes periodic testing and post-mortem meetings for improvement.
How does Degreed ensure endpoint security?
By implementing full-disk encryption, DNS filtering, advanced Endpoint Detection & Response, Mobile Device Management, and regularly monitoring for threats.
What scans does Degreed perform to identify system vulnerabilities?
Degreed performs Static Application Security Testing (SAST), Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), Penetration Testing, Code Peer Review, SQL Vulnerability Assessment, and Network Scans.
How does Degreed manage vulnerable software?
Degreed uses third-party tools to detect and auto-update vulnerable software on employees' workstations and Azure servers.
How does Degreed manage security for corporate assets?
Degreed follows an asset management policy and uses email protection with DMARC, annual security training for employees, background checks, incident response planning, Single Sign-On, and regular penetration testing.
Where is Degreed's infrastructure hosted?
Degreed’s infrastructure is hosted by Azure in multiple regions including the United States, Europe, and Canada.
What measures does Degreed take for Business Continuity and Disaster Recovery (BC/DR)?
Degreed has a formal BC/DR plan, conducts annual backup restoration testing, and monitors uptime and availability.
What encryption standards does Degreed follow?
Customer data is encrypted at rest using AES-256 and encrypted in transit using TLS 1.2.