Anthology Trust Center

ISO 27001 (Information security, cybersecurity, and privacy protection)

This certification demonstrates that an external independent audit has established that Anthology’s information security system is comprehensive and meets the globally recognized ISO/IEC standards.

Products: Blackboard Learn SaaS and SafeAssign, CampusNexus CRM, Anthology Ally, Anthology Encompass, Anthology Engage, Anthology Finance & HCM, Anthology Illuminate, Anthology Occupation Insight, Anthology Reach, Anthology Student, Anthology Student Verification

ISO 27017 (Information security for cloud services)

This certification demonstrates that an external independent audit has established that Anthology’s information security system meets additional ISO/IEC standards regarding the security of cloud services.

Products: Blackboard Learn SaaS and SafeAssign, CampusNexus CRM, Anthology Ally, Anthology Encompass, Anthology Engage, Anthology Finance & HCM, Anthology Illuminate, Anthology Occupation Insight, Anthology Reach, Anthology Student, Anthology Student Verification

ISO 27018 (Protecting personal information in the cloud)

This certification demonstrates that an external independent audit has established that Anthology’s information security system meets additional ISO/IEC standards regarding the protection of personal information as a cloud service provider.

Products: Blackboard Learn SaaS and SafeAssign, CampusNexus CRM, Anthology Ally, Anthology Encompass, Anthology Engage, Anthology Finance & HCM, Anthology Illuminate, Anthology Occupation Insight, Anthology Reach, Anthology Student, Anthology Student Verification

ISO 27701 (Privacy information management system)

This certification demonstrates that that an external independent audit has established Anthology’s privacy information system is comprehensive and meets the globally recognized ISO/IEC standards regarding the use of personal information as a processor.

Products: Blackboard Learn SaaS and SafeAssign, CampusNexus CRM, Anthology Ally, Anthology Encompass, Anthology Engage, Anthology Finance & HCM, Anthology Illuminate, Anthology Occupation Insight, Anthology Reach, Anthology Student, Anthology Student Verification

SOC 1 (Independent report on controls relevant to financial reporting)

The SOC 1 report is an independent examination of Anthology’s internal control environment that may be relevant to our clients’ internal controls over financial reporting and is performed by a licensed third-party auditor.

Products: Anthology Student

SOC 1 reports can be requested through your sales manager or customer success manager.

SOC 2 (Independent security assessment report)

The SOC 2 report is an independent examination of Anthology’s control environment regarding data security and is performed by a licensed third-party auditor.

Products: Blackboard Learn SaaS, Anthology Reach, Anthology Student

SOC 2 reports can be requested through your sales manager or customer success manager.

PCI DSS – Level 1 (Security for credit card data)

Anthology’s compliance with the Payment Card Industry Data Security Standard (PCI DSS), an information security standard for protecting credit card data, is validated by an external auditor (Qualified Security Assessor) at the most stringent level of assessment. Anthology is part of the Visa Global Registry of Service Providers.

Products: Anthology Encompass

More information about our PCI DSS compliance can be requested through your sales manager or customer success manager.

FedRAMP Moderate (U.S. Government security authorization)

FedRAMP Moderate authorization is awarded by the U.S. Government to cloud services that meet the high security requirements and processes that must be followed for government agencies to use their service.

Products: Blackboard Learn SaaS (GovCloud)

Our current authorization status can be found on the FedRAMP Marketplace.

More information about our FedRAMP Moderate authorization can be requested through your sales manager or customer success manager.

StateRAMP (U.S. public sector security authorization)

Anthology has achieved StateRAMP Authorized status for multiple products, demonstrating adherence to NIST-based security controls and best practices. Additionally, Anthology is actively pursuing further authorizations through StateRAMP’s Progressing Snapshot program, supporting our commitment to multi-state compliance.

Products*: Blackboard Learn SaaS, Anthology Reach, Anthology Student, Anthology Engage, Anthology Finance & HCM, Anthology Occupation Insight

*Products that are fully authorized or enrolled in the StateRAMP Progressing Snapshot program. Our current authorization status can be found on StateRAMP’s Authorized Product List.

More information is available through StateRAMP’s Government Engagement Team, and through your sales manager or customer success manager.

TX-RAMP (U.S. public sector security certification)

Anthology has multiple products certified under the Texas Risk and Authorization Management Program (TX-RAMP), aligning with our broader cloud security strategy, including StateRAMP participation and other industry certifications. See the full list at TX-RAMP Certified Cloud Products.

EU-U.S. Data Privacy Framework (Protecting EU personal information)

Anthology’s participation in the EU-U.S. Data Privacy Framework (DPF) demonstrates Anthology’s commitment to protecting EU personal information when transferred/accessed outside of the EU/EEA.

Products: All products

More information is available in our DPF Statement and in the DPF register.

Student Privacy Pledge (Safeguarding K-12 personal information)

Anthology is a signatory of the Student Privacy Pledge 2020, which commits Anthology to principles on the safeguarding and use of personal information of U.S. K-12 students.

Products: All products

More information is available on the Student Privacy Pledge website.

Higher Education Community Vendor Assessment Toolkit (HECVATs)

Anthology has completed and maintains the Higher Education Community Vendor Assessment Toolkit (HECVAT) with detailed information about security controls for its products.

Products: All products

HECVATs are product-specific and can be requested through your sales manager or customer success manager.

More information on the HECVAT is available at the EDUCAUSE website.