Standards, Regulations & Certifications
Please refer to the Docebo Trust Center page for a complete overview of Docebo’s services, our security & privacy posture, and downloads of Docebo’s certificates and other documents.
To help you with compliance and reporting, we share information, best practices, and easy access to documentation from the Docebo Trust Center. Our organization and platform regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards to earn your trust. We’re constantly working to expand our coverage.
Docebo’s commitment to information security and data protection is paramount
Docebo maintains an ISO 27001-certified information security management system (ISMS) and, within this framework, has developed a comprehensive information security program, including a complete set of controls implemented in accordance with ISO 27001 and AICPA/ISAE 3000 (SOC 2) and managed by a dedicated security team. Docebo services are developed, maintained, and operated through a Software Development Life Cycle (SDLC) and a Change Management process, which incorporate the security-by-design principle and the highest security and quality standards.
Docebo maintains a global privacy program that includes privacy reviews and risk assessments built into Docebo processes and systems from the ground up. Docebo’s privacy team is also committed to providing general and team-specific training and conducting awareness campaigns to ensure Docebo employees understand how to lawfully protect customer personal data. More information is available below and at the Docebo Trust Center.
ISO 9001
ISO 9001 outlines a process-oriented approach to documenting and reviewing the structure, responsibilities, and procedures required to achieve effective quality management within an organization.
The key to the ongoing certification under this standard is establishing, maintaining, and improving the organizational structure, responsibilities, procedures, processes, and resources in a manner where Docebo products and services consistently satisfy ISO 9001 quality requirements.
We can provide the following ISO 9001 documentation:
- Certificate
ISO 27001
Managing information risks.
The ISO/IEC 27000 family of standards helps organizations keep information assets secure. ISO/IEC 27001 is a security standard that outlines and provides the requirements for an information security management system (ISMS). It specifies a set of best practices and details a list of security controls concerning the management of information risks.
The 27001 framework and checklist of controls allow Docebo to ensure a comprehensive and continually improving model for security management.
We can provide you with the following ISO 27001 documentation:
- Certificate
- Statement of Applicability (under NDA)
- Last third-party annual surveillance audit report (under NDA)
SOC 2 & SOC 3
SOC 2 is a report based on AICPA’s existing Trust Services principles and criteria. The purpose of the SOC 2 report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, or privacy. Docebo undergoes a regular third-party audit to certify individual products against this standard and annually releases a SOC 2 Type II report for the Docebo services.
The SOC 3 report is based on the same Trust Services principles considered for SOC 2 but provides fewer details and can be freely distributed for general use.
Docebo’s SOC 2 observation period starts on August 1 and ends on July 31.
We can provide you with the following SOC documentation:
- Current SOC 2 report (under NDA)
- Current SOC 3 report
- SOC 2 bridge letter covering the gap between observation periods
PRIVACY
Docebo strives to ensure that the principles of data protection by design and by default are considered during the lifecycle of each project, product, or feature Docebo introduces for its customers.
Docebo Legal & Security Compliance teams work closely with customers to ensure that the relevant data protection regulations, including GDPR, UK data protection rules, PIPEDA, and US State laws are fully observed. In particular, the legal obligations that arise from these regulations are set out in the Docebo Data Protection Addendum (available here), which applies to the provision of the Docebo services.
Docebo also participates in and has certified its compliance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework. Our certification can be viewed on the Data Privacy Framework list.
Docebo continues to monitor the data protection and cyber security legal landscape, and it is committed to making the necessary adjustments and assessments to ensure its data protection practices remain aligned with the applicable data protection laws our clients must comply with.