edu Business Solutions Security & SOC 2 Compliance
At edu Business Solutions, protecting your data is a core requirement of how we build and deliver our software. Our security program is aligned with the SOC 2 Trust Services Criteria so that IT, security, and procurement teams can rely on a consistent, audited framework when evaluating us as a vendor.
How we protect your data
Our security practices cover people, processes, and technology. At a high level, we focus on:
- Access control – ensuring only authorized users and staff can access systems and data.
- Data protection – encrypting data in transit and at rest using industry-standard methods.
- Monitoring & response – logging key events and responding quickly to issues.
- Reliability & continuity – designing for availability and tested recovery procedures.
- Secure development – incorporating security into our software development lifecycle.
Key security controls
Identity & access management
Access to customer data is limited to authorized personnel based on role and job function. Access is reviewed on a recurring basis.
- Role-based access with least-privilege principles.
- Strong authentication for internal administrative systems.
- Documented onboarding and offboarding procedures for account management.
Data security
We use encryption to protect data both when it is stored and when it is transmitted between your browser and our services.
- TLS for all customer connections to our applications.
- Encryption at rest using industry-standard algorithms.
- Controlled access to production data stores.
Monitoring & reliability
Our systems are monitored for performance and security-relevant events, and we have processes in place to investigate and respond to alerts.
- Centralized logging for key infrastructure and application events.
- Automated alerting and on-call coverage for critical services.
- Documented backup and recovery procedures for critical data.
Secure development practices
Security is built into our software development lifecycle from design through deployment.
- Change management processes for deploying updates to production.
- Code reviews that include security and quality considerations.
- Regular updates and patching of underlying systems and dependencies.
SOC 2 alignment summary
The table below summarizes how our controls align with the SOC 2 Trust Services Criteria. For detailed information, including scope and testing performed, please contact us to request current documentation.
| Category | What it covers | Our focus |
|---|---|---|
| Security | Protecting systems and data against unauthorized access. | Covered by our security controls: access management, network protections, monitoring, and logging. |
| Availability | Helping ensure systems are available for operation and use. | Covered by our reliability controls: backups, recovery procedures, and monitoring of critical services. |
| Confidentiality | Protecting confidential information from unauthorized disclosure. | Covered by our data protection controls: encryption, restricted access, and data handling procedures. |
| Processing integrity | Helping ensure processing is complete, valid, accurate, and timely. | Addressed through application controls, change management, and quality assurance processes. |
| Privacy | Handling personal information in line with commitments. | Addressed through policies, agreements, and controls related to collection, use, and retention of personal information. |
Note: This section is a high-level summary of our security program and SOC 2 alignment. It is not a substitute for a full SOC 2 report. Your organization’s security, privacy, or compliance team may request additional documentation as part of vendor review.
Data lifecycle & incident response
Data lifecycle
We collect and use only the information necessary to provide and improve our services, and we handle customer data in accordance with our agreements.
- Data classification guidelines for how different types of data are handled.
- Retention based on contractual, legal, and operational needs.
- Processes to support secure data deletion in line with customer agreements.
Incident response
We maintain an incident response plan that defines roles, responsibilities, and communication steps in the event of a security incident affecting our systems or your data.
- Documented incident response procedures and escalation paths.
- On-call coverage for critical incidents.
- Customer notification commitments for incidents that impact your data.
Contact our security team
If you have questions about edu Business Solutions’ security practices or need documentation for a vendor security review, we’re happy to help.
Email: info@edubusinesssolutions.com
Suggested subject line:
“Security Review – SOC 2 & Controls”
To help us respond quickly, please include:
- Your organization’s name.
- Any specific questionnaires, checklists, or documents required.
- Relevant deadlines or key dates for your review.