As the Director of DevSecOps, I’m proud to share our ongoing commitment to security and excellence at Rustici Software. Our team is dedicated to implementing robust security policies and practices to reduce risks and ensure our products run optimally. Our journey began in 2020 when Rustici received its initial ISO-27001 certification. Since then, we have continuously improved our processes, leading to further achievements. Recently, we successfully completed the Service Organization Control (SOC) 2 Type II audit and gained ISO-27701 certification.

Strengthening security with SOC 2 audit and ISO-27701 certification

SOC 2, a crucial benchmark in cybersecurity developed by the American Institute of Certified Public Accountants (AICPA), ensures secure data management and privacy protection by evaluating an organization’s security, availability, processing integrity, confidentiality, and privacy. By achieving SOC 2 compliance, Rustici has demonstrated that our platforms and hosting infrastructure meet the highest standards for security and customer confidentiality.

ISO-27001, an international standard, guarantees secure management of office sites, development centers, support centers and data centers. ISO-27701 extends ISO-27001, focusing on data privacy and processing requirements. These certifications, awarded by the independent auditor A-LIGN, underscore our dedication to maintaining the highest security standards. They are valid for three years, with annual surveillance audits to ensure ongoing compliance.

Collaborative security governance

Our security processes across Rustici Software and our parent company, LTG, have matured significantly. We now have a shared Governance, Risk, and Compliance (GRC) team that provides critical, independent, and objective oversight of our security practices. This synergy allows us to exchange security practices and ideas, enhancing our overall security posture across our managed hosted products, which include:

  1. SCORM Cloud
  2. Managed Hosted Rustici Engine
  3. Managed Hosted Content Controller
  4. Watershed LRS

Commitment to continuous improvement

Achieving SOC 2 and ISO-27701 certifications was a natural progression for us. Our existing security controls and practices were well-positioned to meet these new standards, demonstrating our readiness to adapt to evolving data privacy laws and requirements.

While these certifications are attractive to prospective customers, they are more than just badges of honor. They provide assurance to our customers and stakeholders that we have implemented effective controls to protect their data. However, we recognize that no system is infallible. We remain vigilant, continuously improving our security measures to stay ahead of emerging threats and ensure the highest level of data protection.

Looking ahead

As data privacy laws continue to evolve, so will our security practices. We are committed to staying ahead of the curve, ensuring that our applications and processes comply with new regulations as they emerge. Our journey toward enhanced security is ongoing, and we look forward to maintaining and exceeding the standards that our customers and partners expect from us.

Brian Rogers is the team lead for the DevSecOps team at Rustici Software, ensuring our products are running securely and optimally. He is one of the O.G. Rustici employees, with years spent on the inner workings of countless customer LMSs and even his own LMS.