Why does SOC 2 matter to customers?

SOC 2 provides independent validation that we protect customer data using industry-standard controls. It reduces risk for customers, speeds up security reviews, and demonstrates that our platform is trustworthy and reliable.

Woman with long dark hair in a white shirt working on a laptop at a green table with an AICPA SOC certification badge overlay.

— Teachable security

Verified security & compliance

Q: What's the difference between SOC 2 Type I and Type II?

Type I evaluates whether we have the right security controls in place at a specific point in time. Type II evaluates whether those controls operate effectively over an extended period of time (typically 6–12 months).

Q: How often is the SOC 2 audit performed?

The SOC 2 audit is performed annually.

Q: What trust principles are included in your SOC 2 audit?

Security, Availability, and Confidentiality.

Teachable’s SOC 2 Type II accreditation gives your organization the confidence that your learning programs are built on a platform with independently verified security, operational discipline, and data protection controls.

Independently audited safeguards

Teachable’s security program is aligned with global privacy expectations, including GDPR and CCPA.

Infrastructure designed for reliability and scale

We employ mature change-management processes and incident-response frameworks to ensure your learning programs remain accessible and secure.

A trusted foundation for your procurement needs

For teams with strict compliance requirements, Teachable provides the necessary documentation to streamline vendor assessments.

Frequently asked questions

What is SOC 2?

SOC 2 (Service Organization Control 2) is an independent audit that evaluates how well a company protects customer data across areas like security, availability, confidentiality, and privacy. It demonstrates that our internal practices meet industry standards for safeguarding information.

What’s the difference between SOC 2 Type I and Type II?

Type I evaluates whether we have the right security controls in place at a specific point in time.
Type II evaluates whether those controls operate effectively over an extended period of time (typically 6–12 months).

We have achieved SOC 2 Type II, which is the more rigorous and valuable accreditation.

Can I see your SOC 2 report?

Yes. We provide our SOC 2 report under NDA. Your Account Manager or Customer Success Manager can provide access upon request.

‍

Does SOC 2 mean you comply with other regulations (GDPR, CCPA, etc.)?

Yes. Teachable complies with applicable data privacy laws such as GDPR and CCPA.

SOC 2 is not a legal framework, but many of its controls overlap with and support these regulatory requirements. Our SOC 2 accreditation reinforces our broader compliance program and demonstrates that we maintain strong, audited controls that help us meet global privacy and security obligations.

How often is the SOC 2 audit performed?

We undergo a SOC 2 Type II audit annually, ensuring continuous validation of our security practices and internal controls.

Does SOC 2 cover all parts of your product?

Yes. Our audit scope includes the systems, processes, and controls that support the Teachable platform, including data handling, infrastructure, engineering practices, and operations.

What trust principles are included in your SOC 2 audit?

Our audit includes the Security trust principle (required for SOC 2) and may expand to additional principles like Availability or Confidentiality depending on future needs and customer requirements.

How does SOC 2 improve platform security?

The SOC 2 process helps us:

Identify and mitigate risks earlier
Strengthen internal processes
Maintain consistent operational controls
Improve our monitoring and incident response

This leads to a more stable, secure environment for all customers.

What happens if new security threats emerge?

SOC 2 requires us to have ongoing monitoring, incident response plans, and risk-management practices. We continuously update our controls to reflect evolving security threats—not just once per year.

How does SOC 2 help speed up procurement or security reviews?

Because SOC 2 is widely recognized, customers’ security teams can review our audit report instead of performing lengthy questionnaires or deep assessments. This shortens the sales cycle and helps teams make decisions faster.

Are my students’ data included in this security scope?

Yes. SOC 2 evaluates how we protect all customer data, including creators, learners, and administrative users across the Teachable platform.

Who performs your audit?

Our audit is conducted by A-lign, an independent, accredited third-party CPA firm that specializes in SOC 2 compliance.

Do you offer additional certifications (ISO 27001, PCI, etc.)?

We are focused on SOC 2 Type II today. We evaluate additional frameworks (such as ISO 27001) based on customer demand and strategic roadmap needs.

All our gateways are PCI SAQ A Level 3 compliant.

Where can I direct further questions?

Please reach out to your Account Manager, Customer Success Manager, or our security team at support@teachable.com for any additional questions.