SchoolStatus’ Comprehensive Approach to Data Security<\/h4>\n\n\n\n
Protecting data\u2014especially student data\u2014is of paramount importance. SchoolStatus demonstrates an unwavering commitment to data security for all of our partners through the dynamic application of robust protocols, training, and multi-layered protection systems designed specifically for safeguarding your sensitive information. By implementing rigorous security measures across corporate policies, physical security, data architecture, and software security implementation, SchoolStatus ensures that student privacy remains protected while enabling educators to leverage valuable data insights to improve student outcomes.<\/p>\n\n\n\n
SchoolStatus works with industry-leading providers to protect your data. We maintain administrative, physical, and technical safeguards designed to protect the confidentiality, security, integrity, availability, and privacy of any Personal Data stored by SchoolStatus or its Affiliates. <\/p>\n\n\n\n
Learn more about how we store, process, and secure your information below:<\/p>\n\n\n\n
Compliance and Certifications<\/strong><\/h6>\n\n\n\n
SchoolStatus is proud to participate in SOC2 Type II auditing and reporting and is certified by both 1EdTech and iKeepSafe. As indicated by our iKeepSafe certifications, SchoolStatus is compliant with applicable laws, including FERPA and COPPA. In addition to our written privacy policy, we maintain staff training requirements, data sharing restrictions, and parents\u2019 rights procedures. We comply with data retention and data deletion best practices and legal requirements.<\/p>\n\n\n\n
Scanning, Assessments, and Testing<\/strong><\/h6>\n\n\n\n
We maintain a vulnerability scanning program, perform regular penetration testing, and have annual security assessments. This means that we double-check our work with an external group that looks for mistakes that put your data at risk. When they identify issues, we quickly remediate them and retest to ensure resolution.<\/p>\n\n\n\n
Data Centers<\/strong><\/h6>\n\n\n\n
SchoolStatus\u2019s products are hosted at data centers based in the United States, running on Amazon Web Service (AWS), Heroku, and Linode infrastructure. These data centers provide physical security around the clock, state-of-the-art fire suppression, redundant utilities, and Internet connections to ensure that our customers\u2019 data is available, safe, and secure.<\/p>\n\n\n\n
Network Security<\/strong><\/h6>\n\n\n\n
Securing data in transit and data at rest is crucial for protecting sensitive information from unauthorized access, ensuring confidentiality and integrity throughout its journey and while stored, and we utilize NIST (National Institute of Standards and Technology) recommended standards for encrypting your data. <\/p>\n\n\n\n
Encryption Detail<\/strong><\/h6>\n\n\n\n
Data in transit is at TLS 1.2 or higher. Data at rest uses AES-256 bit or equivalent encryption, while all client-server communication uses secure means (HTTPS, SFTP, etc.). SchoolStatus maintains documented encryption key management procedures and secure key storage and rotation policies. Upon a contract and execution of an NDA, SchoolStatus will provide additional information.<\/p>\n\n\n\n
System Security<\/strong><\/h6>\n\n\n\n
We\u2019re consistently updating our systems to protect your data. Our virtual systems are refreshed regularly with the latest images to ensure up-to-date patching and to reduce the window of a potential compromise.<\/p>\n\n\n\n
Restricted Access and Access Controls<\/strong><\/h6>\n\n\n\n
Our policy is that only people who need access, get access. Access to systems that hold and process sensitive data is limited to necessary staff based on the principle of least privilege. We log all accesses to identify irregularities and mitigate them quickly. We maintain role-based access control policies, perform regular access reviews, and have automated account deactivation procedures. Our products support SAML-based single sign-on (SSO).<\/p>\n\n\n\n
Reliability<\/strong><\/h6>\n\n\n\n
We use scalable cloud technology to maintain a high level of uptime. If an individual data center fails, our systems keep going.<\/p>\n\n\n\n
Data Backup<\/strong><\/h6>\n\n\n\n
We back up and test our backups on a regular basis. In the unlikely event of an incident, we restore our systems in the least time possible. <\/p>\n\n\n\n
The Importance of Data Security When It Comes to Student Privacy<\/strong><\/h4>\n\n\n\n