The Site secures and keeps private Student Data by using encryption when stored, and while in transit. Data is protected with 128-bit AES encryption at rest, and during transit using industry standard SHA-256 SSL certificates with RSA Encryption. User passwords are hashed and are never stored in plain text.
The Site does not require a user to log off and re-authenticate at any specific interval of time. If a user chooses to remain authenticated indefinitely, they may do so. Logging off after accessing The Site from a public or shared computer is recommended to prevent other users from accessing Student Data when not authorized.
User Identity Tracking & Audit
Account data is only accessible by authorized personnel using their login credentials and unique access keys. All user connections to the software are authenticated via x.509 client certificates, and keys are tracked, secured, and rotated regularly. All security changes and database operations (create, read, update, delete) are audited for each user. Audit logs are retained as defined by the disaster protection & recovery section, and are stored in a secure remote location.
The Site employs encryption at rest for all Student Data in the database, which verifies the integrity of data every time it is accessed by an authorized user. Backups can be used to restore data in the event of data loss or corruption.
The Site databases and application services are hosted using high-performance cloud servers. Firewalls are in place to route network traffic securely, shield servers from attack, and prevent the loss of data. These firewalls block certain types of traffic that may be used to otherwise compromise a system and gain access. Additional info about specific compliance is available upon request.
The Site enforces the use of strong passwords. They must be at least 8 characters in length, consist of at least one letter and at least one number, and not be a stand-alone dictionary word.
Disaster Protection & Recovery
We currently back up all data in snapshots and store this data in a secure remote location on a standard and recurring schedule. Restoring data requires a manual process with multiple levels of authentication. Audit logs are retained for multiple years.
For all the nitty-gritty details, you can have a look at our documentation here: