Security & ComplianceThis page contains our information about our data security and regulatory compliance. We are committed to keeping your data safe and secure, by using best practices to protect our systems.
ISO/IEC 27001:2022 Compliance
We never send your data over the wire “in plain sight.” Communications across our internal network are via secure private VPN.
PCI DSS Compliance
Because we must securely handle your sensitive information before passing it to Stripe, we are also PCI Data Security Standard compliant. Our certification can be found here.
Legal & Privacy
To that end, we host our data securely on servers located in Canada and follow all rules associated with PIPEDA. Our complete terms of service and privacy policies can be found here.
ManageBac is compliant with GDPR. For more information about our GDPR-related policies, click here.
ManageBac is compliant with the Chinese Cybersecurity Law, including the Provisions on the Cyber Protection of Children’s Personal Information which can be found here. Chinese schools use a .cn domain and their data is hosted within China. We also hold ICP 17051512 and an Information Classified Security Protection Certificate.
We comply with all applicable data protection policies in the countries where we do business, including those of:
- The United Kingdom
- The United States of America
We have compiled an analysis of some of these policies which you can read here.
Our internal security policies are governed under ISO 27001. Key points include:
- All access to production data is carefully controlled and limited
- Physical access to laptops and servers is monitored and controlled
- Passwords are held to a high standard of security
- All devices that access our systems are scanned for malware and centrally-managed
- All users undergo a required security training on an annual basis
- Our Security Incident Response Team is kept on 24/7 standby and meets weekly to review our security posture
- We remain vigilant for new security threats and monitor major reported breaches and vulnerabilities to understand their potential impact on our operations
Business Continuity & Disaster Recovery
Our entire workforce employs a ‘remote first’ mindset to be able to work anywhere. In the event of a natural disaster or serious network issue, we can quickly resume operations in alternate locations.
Phone: +1 866 297 7022