Integration and Security Explained

With the ability to integrate various systems comes the responsibility to secure it using industry standard best practices. Scholarly partners with industry-leading external auditors to verify our security policies and controls annually. View up-to-date security information on the Scholarly Trust Report.

• Encryption at Rest and In-Transit. All data, regardless of sensitivity, is encrypted at-rest and in-transit using the latest protocols supported by browsers and operating systems. At-rest encryption uses AES-256 and in-transit encryption uses TLS 1.3.
• Audit Logging. All access for employees and customers is logged in the system with user and device telemetry. These logs are configured to never be destroyed or modified.
• Multi-factor Authentication (MFA). All production system accounts are secured with multi-factor authentication. We programmatically require MFA for all employees.
• Timely Dependency Updates. All dependencies are kept up-to-date and are upgraded within 30 days of being released. CVEs will receive same-day upgrades.
• Multiple Availability Zones (Multi-AZ). Scholarly runs in multiple availability zones on its cloud providers to enable resiliency to natural disasters and intrusions.

These are just a few of our security practices today, and we are always looking to improve. If you have questions or concerns about these security practices, please email [email protected].