Back to Compliance Portal

Compliance document

Security Controls Alignment Summary

Summary of VerbalCheck controls aligned to common SOC 2 Trust Services Criteria themes.

Status

Published summary

Effective date

June 2026

Audience

CIOs, CISOs, security reviewers, and compliance officers

Security

  • Role-based and object-level authorization for protected records.
  • httpOnly cookie-based sessions and server-side session revocation.
  • Security headers, rate limits, input validation, and production debug-route controls.
  • Responsible vulnerability intake through security@verbalcheck.com.

Availability

  • Cloud hosting and managed database providers support application availability.
  • Preview-first deployment and smoke testing reduce production change risk.
  • Recovery expectations are documented in the backup and continuity overviews.

Confidentiality and privacy

  • Private storage paths for sensitive academic files and audio where configured.
  • Data retention and deletion procedures for institution-controlled records.
  • Subprocessor transparency and DPA review support.
  • FERPA-sensitive workflows supported through technical controls and customer governance.

Processing integrity

  • LTI launches validate issuer, audience, nonce, and signature.
  • Grade synchronization and assignment linking are scoped to authorized contexts.
  • AI-assisted outputs support human review and do not replace institutional decisions.