As part of our ongoing prioritization of privacy and security, D2L made a number of industry-leading commitments in August and September 2023. We document our progress toward meeting those pledges below.
On August 8, 2023, D2L CEO John Baker was invited to announce several D2L commitments at a White House forum hosted by First Lady Jill Biden.
In September 2023, D2L was among the first in the sector to sign the U.S. Cybersecurity and Infrastructure Security Agency (CISA) ‘Secure by Design’ voluntary pledge for K-12 Education Technology software manufacturers.
D2L recognizes that an ever-evolving threat landscape requires us to be vigilant and adaptable to help keep learning safe and secure. Through these and other ongoing steps, D2L will continue to work closely with customers to implement strong privacy and security controls that reduce cybersecurity burdens on our school and other partners so that educators can better focus on their core mission of teaching and learning.
In the coming months, D2L will make additional updates to meet these cybersecurity commitments and document those on this page.
New Cybersecurity Business Leader: Stephen Laster
In accordance with Principle 3 of the Secure by Design pledge, Stephen Laster, President at D2L, is serving as D2L’s senior cybersecurity business leader to help bring further accountability for cybersecurity to the most senior levels of D2L. Stephen is responsible for managing the ongoing process of integrating security as a core function of the business alongside D2L’s longstanding Chief Technology Officer and Chief Information Security Officer Nick Oddson, including the development and implementation of D2L's upcoming Secure by Design roadmap.
Free SSO for Customers
As of March 2023, D2L offers Security Assertion Markup Language (SAML)-based Single Sign-On (SSO) to all customers at no extra charge, to help reduce password-based cyber-attacks. Customers can find details on how to configure and manage their SSO on the Brightspace Community.
Security Audit Log Assistance
D2L assists customers at no additional charge in responding to security questions and incidents, including product and server log analysis in response to security/penetration testing, compromised user accounts, email phishing and vulnerabilities. In exceptional circumstances, fees may apply to limit cases of extraordinary scope. Customers can find details about the scope of service on the Brightspace Community.
Reduce the School Burden of Vetting Third-Party Tools
D2L is helping to reduce the burden for school IT departments that are responsible for reviewing numerous third-party tools and applications. While this type of review is already a standard practice for D2L, the new “D2L Security Reviewed” badge on the D2L Partner Integration Hub helps signify which third-party partners have demonstrated their commitment to information security. D2L experts have confirmed that these partners have:
- Undergone a comprehensive information security review, including submitting a SOC2 Type 2 third-party report or its equivalent, or
- Completed an AI impact assessment (if relevant) that is reviewed by D2L’s internal AI working group
D2L’s industry-leading privacy and security controls include encryption by default, key security certifications, and other layered protections. D2L regularly achieves updated third-party-verified certifications, including the ISO 27001, ISO 27017, ISO 27018 and TX Ramp Provisional security certifications and the privacy certification 27701.
Where do I go to find out more?
- Introducing SAML and SAML Administration blog post
- Security Audit Log Assistance Policy blog post