We take the protection of your student data very seriously.
We align to the NIST 800-53 r5 Moderate standard, exceeding NYS requirements for encryption in transit and at rest, while adhering to the NIST CSF under Ed-Law 2d.
Secure physical environments both at AWS and Mindex
Strong governance framework, regularly reviewed by 3rd parties
Strictly controlled access and secure communication protocols
Robust change and configuration management practices
Granular audit trails, anomaly detection, alerting, and intervention
Thorough data handling practices from development to support
Regular security incident simulations and disaster recovery testing
DDoS, WAF, IDS/IDP, and next-gen end-point protection all in use
Regular penetration testing and vulnerability scanning (IAST and SAST)
Timely patching of all 3rd party applications and OS
Please refer to our Data Privacy and Security Plan to review our policies regarding our use of data and our adherence to the Parents’ Bill of Rights.