Compliance

User privacy, data security, and product accessibility are very important to us. We are constantly working to enhance our privacy and data protection compliance programs and technical controls to ensure information stays private, safe, and secure for all of our global users. We also conduct ongoing reviews and updates of our platform to make sure it is accessible to all potential users. Please keep reading for more information about our compliance commitments.

We are committed to accessibility.

We want our platform to be accessible to everyone. Please review our Accessibility Statement to learn more about how we manage accessibility.

We are committed to privacy and data protection.

Privacy and data protection are very important to us, and we take diligent measures to protect personal information in accordance with global privacy and data protection laws. From our website visitors, to professors, to test-takers, we strive to provide all of our users with clear explanations about the scope of information we collect, how that information is used, the contexts in which it may be shared, and provide all other disclosures and rights available under applicable privacy laws.

Below is information about how ProctorU complies with specific global privacy and data protection laws:


SOC 2 Type II Compliance

SOC 2 Type II Compliance Logo

SOC 2 Type II certification demonstrates adherence to the System and Organization Controls (SOC) standards for service organizations, set by the American Institute for Certified Public Accountants. To achieve this certification, Meazure Learning underwent an extensive third-party audit of our internal controls and systems related to data security, confidentiality, and privacy. This audit evaluated the security of our data systems and our policies and procedures around data storage, transfer, and management. Meazure Learning is SOC 2 Type II certified.


Australia Privacy Act of 1988

The Privacy Act of 1988 is an Australian federal law that regulates how personal information is handled. ProctorU follows the 13 Australian Privacy Principles and the other requirements of the Privacy Act to ensure transparency with respect to its processing of Australian user information.


California Consumer Privacy Act (CCPA)

The CCPA is a California state statute providing privacy protections and rights to residents of California. ProctorU complies with the requirements of the CCPA. If you are a California resident user, click here to learn more about your rights under the CCPA.


COPPA

COPPA is a U.S. federal law that protects the online privacy of children under 13. ProctorU does not process information from children under 13 without parental or guardian consent. For more information, please see our privacy policy.


Family Educational Rights and Privacy Act (FERPA)

FERPA is a U.S. federal law that protects the privacy of students’ education records. ProctorU enables its education partners to comply with their FERPA obligations when using ProctorU’s services. ProctorU also maintains administrative, physical, and technical controls to ensure that no unauthorized persons are able to gain access to any student information that would be considered confidential under FERPA.


European General Data Protection Regulation (GDPR)

The GDPR lays out specific requirements for businesses and organizations who offer goods and services to users in the European Economic Area. It regulates how businesses can collect, use, and share personal data and sets forth different obligations for “controllers” who determine the purpose and means of processing and “processors” who process personal information at the direction of controllers. In most contexts, ProctorU is a processor for controller educational institutions or certifying entities. ProctorU also takes measures to ensure that data transferred outside of the European Economic Area is protected in accordance with European law. For more information, please see our Privacy Policy and our Standard Contractual Clauses.


New Zealand Privacy Act 2020

The Privacy Act 2020 is a national law that regulates information privacy. ProctorU follows the 13 Information Privacy Principles and the other requirements of the Privacy Act to ensure transparency with respect to its collection, handling, and use of New Zealand user information.


Payment Card Industry Data Security Standard (PCI-DSS)

PCI DSS is an international mandatory compliance requirement for all organizations processing, storing, transmitting, or accessing cardholder information for any of the major payment card brands and demands strict security controls to be applied to protect cardholder information. ProctorU is compliant with the current version of PCI DSS.


Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)

PIPEDA is a Canadian federal privacy law governing how businesses must handle personal information in the course of commercial activity. ProctorU is compliant with the 10 Fair Information Principles set forth in PIPEDA to ensure fair handling of Canadian user information.


Student Privacy Pledge Signatory

The K-12 School Service Provider Pledge to Safeguard Student Privacy is a voluntary pledge for K-12 school service providers who commit to responsible stewardship and appropriate use of student personal information. ProctorU has signed the pledge and abides by its commitments. You can review the pledge here.


IMS Global Data Privacy Certification

IMS Global is the world-leading non-profit collaborative advancing edtech interoperability, innovation, and learning impact. IMS enables a plug-and play-architecture and ecosystem that provides a foundation on which innovative products can be rapidly deployed and work together seamlessly. IMS member suppliers are the market leaders in innovation. IMS member institutions are getting to the future of digital learning faster. IMS certification is a bond of trust and commitment to creating innovative products that work together for the benefit of instructors, students, and institutions.


SecurityScorecard

SecurityScorecard is a global leader in cybersecurity ratings. Ratings indicate a company’s cybersecurity health across ten groups of risk factors based on objective data collected across the internet. Meazure Learning monitors its scores continuously in order to mitigate risks and meet industry compliance standards.


We are committed to exam integrity.

Our partners trust us to ensure their exams are administered fairly to ensure no test-taker gains an unfair advantage or misappropriates exam content. We are constantly striving to improve our technical and organizational safeguards to ensure that our exam integrity controls are balanced with user privacy.

We are committed to addressing your compliance questions.

For a general list of compliance FAQs please visit our FAQ page under the “Compliance/Privacy” tab. If you have specific questions about ProctorU’s compliance measures, please email us at [email protected].