Security

At OpenClassrooms, the security of your data is at the heart of our concerns. We do everything we can to protect it.

Data protection in the DNA of OpenClassrooms

We know that the security and protection of your data is important to you. It is one of our priorities.

• We have a dedicated security team that works daily to advance our level of security.
• We have defined and implemented security policies to protect our platform and information system. Our security measures cover all areas of security, such as access management, supplier management, vulnerability management, etc.
• We have implemented a set of security tools and mechanisms to protect the OpenClassrooms platform as well as its information system.

We are ISO 27001 certified

Since June 2023! ISO 27001 is an internationally recognized certification that requires the implementation and maintenance of an Information Security Management System (ISMS). This certification rewards the ongoing efforts of the OpenClassrooms teams, but above all, it reflects our commitment to ensuring the security of our customers' data.

Our risk-based approach allows us to prioritize actions that mitigate our highest risks and continuously improve our security maturity.

An annual audit verifies that we meet our security commitments.

Our ISO 27001:2022 certificate

More information: https://www.iso.org/standard/27001

Our Commitments

Security

OpenClassrooms addresses all subjects related to the security of your data, including hosting, application and asset management, development, awareness, etc.

Confidentiality

OpenClassrooms applies best practices in access control and permissions management, as well as data encryption in transit and at rest.

Integrity

OpenClassrooms guarantees the protection of your data against unauthorized modifications and ensures traceability of activities on your account.

Availability

OpenClassrooms ensures high availability of the site, regular backups of your data, and restoration tests are performed on a daily basis.

Transparency

We would be pleased to provide you with our detailed Security Assurance Plan upon request.

OpenClassrooms relies on recognized market solutions.

• Amazon Web Service (AWS) - all OpenClassrooms servers are hosted in AWS datacenters that meet ISO/IEC 27001:2022 and ISO/IEC 27017:2015 standards. Our data is hosted and processed by AWS in France. Our backups are hosted in the European Union. More information: https://aws.amazon.com/security/
• Cloudflare - we rely on Cloudflare's DDoS protection, DNS, rate limiting, and WAF firewall features to protect the OC platform against external attacks. More information: https://www.cloudflare.com/ddos/, https://www.cloudflare.com/rate-limiting/, and https://www.cloudflare.com/waf/
• Google Cloud Platform (GCP) - to better manage platform and data resilience, our backups are replicated with GCP. The data is hosted in Europe. More information: https://cloud.google.com/security

Security is always best when someone else says it

We constantly assess our level of security and data protection. This includes regular audits such as:

• A penetration test
• Security audits for maintaining our certifications
• Running a Bug Bounty program