Security & Compliance

Your certifications deserve protection.

Enterprise-grade encryption, trusted Azure infrastructure, and real compliance frameworks. So your security team says yes and your program stays secure.

SOC 2 Type II
Via Vanta

ISO 17024
Aligned workflows

GDPR
Compliant

What we believe about certification

Governance built for certification

Security is at the heart of what we do. Our Security and Privacy teams establish policies and controls, monitor compliance with those controls, and validate our practices through independent audits.

Least privilege access

Access is limited to those with a legitimate business need, and granted based on the principle of least privilege.

Defense in depth

Security controls are implemented and layered according to the principle of defense in depth.

Applied to all

Security controls are applied consistently across all areas of the enterprise.

Transparent by default

Controls are iteratively adapted for effectiveness, auditability, and reduced friction.

Protecting your program's value

Data security

Your exam content, candidate records, and certification results are protected at every layer.

Encryption at rest

All datastores containing customer data are encrypted at rest with AES-256 encryption. Sensitive collections and tables use additional row-level encryption, so the data is protected even before it reaches the database. Neither physical access nor logical access alone is enough to read your most sensitive information.

  • AES-256
  • Azure-managed

Encryption in transit

Certiverse uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. We also enforce HSTS (HTTP Strict Transport Security) to maximize protection. Server TLS keys and certificates are managed by Microsoft Azure and deployed via Azure's content distribution network.

  • TLS 1.2+
  • HSTS enforced

Secret management

Encryption keys are managed through Azure Key Vault, which stores keys in FIPS 140-2 validated hardware security modules (HSMs). Application secrets are encrypted and stored securely within Key Vault, and access to these values is strictly limited.

  • Azure Key Vault
  • FIPS 140-2

Data handling

Certiverse collects customer personally identifiable information as needed to deliver your certification program. We do not collect credit card information directly (payments are processed by Stripe) and we do not collect personal health information.

  • Privacy by design

Collected: Customer PII (necessary for certification delivery)
Not collected: Credit card information
Not collected: Personal health information

Infrastructure and reliability

Built on world-class cloud infrastructure designed for availability and performance.

Azure

Cloud Platform
Hosted on Microsoft Azure with enterprise-grade physical security, network controls, and Azure's own compliance certifications.

US

Data Hosting
Data is hosted in the United States on Azure's secure infrastructure, with the physical and logical protections of a Tier 1 cloud provider.

24/7

Global Availability 
Certiverse is accessible around the clock, so your candidates and administrators can work whenever and wherever they need to.

Product security

Our security and data forensics experts built Certiverse to withstand and anticipate the changing landscape of product threats.

Static analysis (SAST)

Code is automatically analyzed during pull requests and on an ongoing basis to catch security issues before they reach production.

Supply chain security

Malicious dependency scanning prevents the introduction of malware into our software supply chain, and software composition analysis (SCA) identifies known vulnerabilities in third-party components.

External attack surface

External attack surface management (EASM) runs continuously to discover new external-facing assets and network vulnerability scanning runs on a periodic basis.

Enterprise security

How we protect our own infrastructure, endpoints, and people.

Endpoint protection

All corporate devices are centrally managed with mobile device management software and anti-malware protection. We enforce disk encryption, screen lock configuration, and automatic software updates. Endpoint security alerts are monitored 24/7/365.

  • MDM
  • 24/7 monitoring

Identity and access management

Certiverse uses Okta to secure internal identity and access management, enforcing phishing-resistant authentication factors with WebAuthn wherever possible. Employee access is role-based and automatically deprovisioned upon termination.

  • Okta
  • WebAuthn

Security education

All employees complete comprehensive security training upon onboarding and annually through Vanta's platform. New engineers attend a mandatory session on secure coding practices. Our security team shares regular threat briefings across the company.

  • Ongoing training

Vendor security

We use a risk-based approach to evaluate vendors, assessing factors such as data access, production integration, and potential impact. Each vendor's inherent risk is rated, security is evaluated, and a residual risk rating determines the approval decision.

  • Risk-based review

Access and identity in the platform

Control who can access your certification program and what they can do within it.

Role-based access control

Define custom roles and assign granular permissions. Control who can create exams, review items, manage candidates, view reports, and administer your program from a single dashboard.

  • Custom roles and permissions

Authentication

Certiverse uses Auth0 for secure identity management, with credential-based authentication and enforced password policies to protect every account on the platform.

  • Auth0
  • Secure login

Infrastructure access controls

Production database access requires unique secure authentication. Firewall and production OS access are restricted to authorized users with a business need. All access is revoked upon termination, and remote access to production systems requires valid MFA.

  • MFA enforced (production)

Audit trail

User actions within the platform are logged internally, providing a clear audit trail for compliance and governance. Certiverse maintains these logs to support security investigations and operational oversight.

  • Internal audit trail

Compliance and certifications

We align with industry frameworks so your security team can check the boxes that matter.

SOC 2 Type II

Certiverse is implementing the SOC 2 Type II framework through Vanta's compliance platform, demonstrating our adherence to the Trust Services Criteria for security, availability, and confidentiality. The process is managed through continuous monitoring and validated by an independent third-party auditor.

ISO/IEC 17024 alignment

Our platform workflows are designed to align with ISO/IEC 17024 requirements for personnel certification bodies. This means your certifications follow internationally recognized standards for competence assessment and credentialing.

GDPR compliance

We comply with the EU General Data Protection Regulation, including data subject rights, lawful processing, and data minimization. A standard Data Processing Agreement (DPA) is available, along with our full list of subprocessors.

Privacy Shield

Certiverse maintains an active Privacy Shield agreement, providing an additional framework for data protection when handling personal data transferred between jurisdictions.

Subprocessors

The partners we trust with your data.

Microsoft Azure
Data hosting

Auth0
Identity management

Stripe Payments
Payment collection

Sendgrid
Email delivery

Data privacy and documentation

Access the documentation your team needs for security reviews and vendor assessments.

Privacy Policy

Our complete privacy policy covering data collection, processing, and your rights.

Data Processing Agreement

Standard DPA for GDPR compliance, ready to review and sign.

Subprocessor List

A complete list of the third-party services that process data on our behalf.

Responsible disclosure
If you've found a security concern, we want to hear about it. Please reach out through our contact page and our security team will respond promptly.

Have security questions?

We're happy to walk through our security practices with your team. No sales pitch, just honest answers.

  • 14-day free trial available. Credit card required. Cancel anytime.