The Work Is Done—What’s the Big Deal?

We promised to circle back once the audit wrapped, and here we are: Edlink has officially completed a SOC 2 Type II audit. Months of evidence‑gathering, control testing, and more—done and dusted.

Why should you care? Honestly, my hot take, having been through an audit, is you probably shouldn’t care as much as you might, but more on that later. If you were to care, it would be because Type II (as opposed to Type I) means our controls were tested over time. We lived under the microscope and still came out shiny.

SOC 2 Type II—What is it?

  • What it is: A deep dive into how we secure, monitor, and document everything that touches your data.
  • Type I vs. Type II: Type I = policies look good on paper. Type II = auditors confirm we actually follow them, day in and day out.
  • Why it matters in edtech: Schools and districts hand us very sensitive info. They need proof—not promises—that we keep it safe

A Note on What SOC 2 Is Not

It’s important to us (and me specifically) that we’re constantly sharing what we learn with those we serve so I want to be clear: SOC 2 isn’t a silver bullet and you should not treat it as such.

There’s no universal checklist of required controls, and companies define their own. As long as we can show we follow what we’ve written down, we “pass.” That means SOC 2 tells you how disciplined and consistent a company isnot how secure it is in absolute terms.

So is this audit a sign that Edlink is taking security seriously? Yes.
Is it a guarantee that we’ve covered every possible risk? No.

Security is a moving target, and SOC 2 is just one layer in how we approach it. We’re constantly evaluating, testing, and improving—not because the audit told us to, but because that’s the job we signed up for.

“Cool Story, Edlink…But How Does This Help Me?”

Good question. A SOC 2 Type II audit sounds impressive, but here’s what it actually means for your day-to-day:

For EdTech Companies:

  • Fewer roadblocks with your own customers. If you’re integrating with us, you’re likely handling school or district data too. Having a SOC 2-audited partner can help ease your own security reviews and compliance concerns.
  • One less third-party partner to worry about. You can build on top of Edlink’s infrastructure with confidence.

For Developers:

  • More signal, less guesswork. When you build on Edlink, you’re building on a system that’s been tested for uptime, incident response, and data handling consistency.
  • You can focus on your product. We’re taking care of the plumbing so you don’t have to roll your own auth layers, access logging, or permission checks every time you build an integration.

Schools & Districts:

  • SOC 2 demonstrates our commitment to doing what we say we will when it comes to protecting your data. Plus, our SOC 2 report answers a lot of the security and privacy questions that typically hold up procurement. It’s one less hurdle in getting a new tool approved.
  • You can trust that we’re process-driven. When you're managing student data, you need to know your vendors aren't cutting corners. This audit confirms that we have formal, repeatable processes in place—and that we follow them.
  • You don’t need to audit us yourself. We’ve already been through the ringer.

Security Isn’t a One‑Time Victory Lap

Passing a SOC 2 audit is great—but it's not the finish line. It’s more like hitting a checkpoint in a race that never really ends.

The truth is, security isn’t something you “achieve.” It’s something you maintain, actively, every day. Threats evolve. Systems change. People make mistakes. So staying secure means building in processes to catch those mistakes before they become real problems—and fixing them when they do.

Here’s what that looks like at Edlink:

  • Ongoing monitoring: We don’t wait for annual reviews to check our logs or investigate anomalies. Our systems are monitored continuously, and alerts are tied directly into how we operate day-to-day.
  • Annual re-audits: SOC 2 Type II isn’t a one-and-done badge. We’ll go through the full process again next year—and every year after that. It’s part of our standard operating rhythm.
  • Proactive improvements: We’re not just maintaining our current state. As our platform grows and the risk landscape shifts, we revisit our controls, tighten gaps, and rethink how we can better protect the data flowing through our system.

The audit validated that we’re doing this well today. Our job now is to keep doing it well tomorrow, and the day after that—even when no one’s watching.

Want to Read Our Full Report? Here’s How to Get Access:

*We define “future client” as someone who’s already had at least one qualifying conversation with us and where both sides see real potential to work together. Once the MNDA is signed, the report is on its way to your inbox.

Thanks for Trusting Us ❤️

This milestone is your win as much as ours. You push us to raise the bar on security so you can focus on building world‑class learning experiences. We’ll keep doing the unglamorous work—logs, audits, and all—so your integrations stay seamless, reliable, and secure.

Questions? Reach out. Otherwise, carry on building great things—securely.

—Amanda, Alex & the Edlink Team‌

If you’re interested to learn more about Edlink’s Unified API, here’re other articles we’ve written.

If you're looking for a partner to guide you through developing integrations like these, then let us introduce ourselves. We're Edlink!