Security at BenchPrep

BenchPrep maintains an extensive Information Security Management System (ISMS) including: business continuity, disaster recovery, risk management, and controls. Below you will find a high-level overview of security at BenchPrep.


The BenchPrep platform is hosted on the IBM Cloud, leveraging its PaaS (Platform as a Service) and IBM IaaS (Infrastructure as a Service) solution with some usage of Amazon Web Services for Content Delivery Network and S3. If needed, BenchPrep is happy to assist on requests for certification reports. More details on IBM Cloud security can be found here:

Network Security

The BenchPrep platform follows industry best practices for a secure Software Development Life Cycle. We perform manual and automated tests for security vulnerabilities utilizing a continuous integration with static code analysis tools, such as CodeClimate. The platform also leverages library and vulnerability scans via ThreatStack, bundle-audit, Nessus vulnerability scanners and other tools. If you would like more details on these scans, reports are available upon request.

BenchPrep encrypts all traffic at transfer as HTTPS only (TLS 1.2), while data is encrypted at rest using AES 256 disk-level encryption. Critical data pieces, such as passwords (where applicable), are encrypted using bcrypt.


BenchPrep is compliant with major learning industry standards, such as SCORM/QTI content ingestion, LTI 1.3 and IMS Caliper. BenchPrep has a variety of third-party integrations available for various learning ecosystems and delivery needs throughout our system. These include, but are not limited to: authentication/authorization (oAuth 2.0), SAML 2.0, webhooks, live class APIs, virtual labs and AI scoring. If you require APIs, please review our sample API first. Our team isolates, recommends and supplies APIs based on your unique needs.

Development and Testing

BenchPrep’s current deployment cycles allow for ~2 days of staging access prior to release. For larger feature changes that impact end users, this is not enough time to test, plan & prepare the feature for wide-spread release. Ideally, higher impact features would be available for 2-3+ weeks for user acceptance testing, preparing communication and training internal teams prior to public release.

Data Security

As a data processor, BenchPrep is GDPR and CCPA compliant. The Data Processing Addendum will be established during the contract phase and a variety of policies are available upon  request (such as Data Subject Access Rights). BenchPrep uses a collection of sub-processors and vendors for the delivery of PCI compliant ecommerce, video transcoding, business intelligence and other services. Please review our privacy policy for more details.

Question? Please Reach Out

Contact Us