Enterprise Security - Built In, Not Bolted On

Trainery operates on SOC 2-aligned infrastructure with controls covering security, availability, and confidentiality. Our controls follow the Trust Services Criteria framework across access management, encryption, incident response, and audit logging. Enterprise clients in regulated industries - insurance, f inancial services, healthcare, can request our security documentation as part of vendor assessment.

Yes. Trainery supports SSO via SAML 2.0 and integrates with all major identity providers including Okta, Azure Active Directory, OneLogin, Google Workspace, and Ping Identity. When an employee is offboarded and their account is disabled in your central directory, their Trainery access is revoked immediately - eliminating the orphan account risk that auditors frequently flag. MFA can also be enforced at the identity provider level.

Trainery uses granular Role-Based Access Control (RBAC) across every module and data type. You can define custom roles, from learner and manager to L&D admin and branch admin - and set permissions at the feature level, not just the page level. The principle of least privilege is enforced by design: users see and do only what their role requires.

All learner data is encrypted at rest using AES-256 and in transit using TLS 1.2 and above. Data is stored in geographically redundant cloud infrastructure with automated backups. Trainery operates a multi-tenant architecture with strict data isolation, your organization's data is never commingled with another client's at the compute or storage layer.

Yes. Trainery maintains an immutable audit trail covering every admin action, permission change, user record update, and data access event across the platform. Logs are exportable and can be pulled for compliance reviews, internal audits, or regulatory requirements. This is a standard feature available to all Enterprise clients, not an optional add-on.

Yes, and these are among our strongest verticals. Trainery's 35-year heritage in external training delivery for insurance companies and associations means our platform was built with compliance documentation and audit readiness as a baseline, not an afterthought. Controls around credential tracking, training completion records, and access logging are all audit-ready out of the box.

On contract termination, clients receive a full export of their learner records, course completion history, credential data, and organizational data in standard formats. Trainery has a documented data retention and deletion policy. Your data belongs to you, and we ensure a clean, structured handover with sufficient notice so your team can transition without data loss.