Back to Compliance PortalCompliance document
Security Controls Alignment Summary
Summary of VerbalCheck controls aligned to common SOC 2 Trust Services Criteria themes.
Audience
CIOs, CISOs, security reviewers, and compliance officers
Security
- Role-based and object-level authorization for protected records.
- httpOnly cookie-based sessions and server-side session revocation.
- Security headers, rate limits, input validation, and production debug-route controls.
- Responsible vulnerability intake through security@verbalcheck.com.
Availability
- Cloud hosting and managed database providers support application availability.
- Preview-first deployment and smoke testing reduce production change risk.
- Recovery expectations are documented in the backup and continuity overviews.
Confidentiality and privacy
- Private storage paths for sensitive academic files and audio where configured.
- Data retention and deletion procedures for institution-controlled records.
- Subprocessor transparency and DPA review support.
- FERPA-sensitive workflows supported through technical controls and customer governance.
Processing integrity
- LTI launches validate issuer, audience, nonce, and signature.
- Grade synchronization and assignment linking are scoped to authorized contexts.
- AI-assisted outputs support human review and do not replace institutional decisions.