We are committed to keeping your data secure.
The security of your data is of utmost importance to you and us. We understand it needs to be confidential, accurate, and always available. We take great care to protect all data that we work with, including:
- Data and web content are always encrypted-in-transit, both within internal systems and to or from external systems. This encryption is performed using AES-128, AES-256, or a better algorithm recognized by the broader security community.
- Data is always encrypted-at-rest, including file-level encryption or full disk-level encryption, usually simultaneously (using AES-128, AES-256, or better).
- HTTPS is enabled and required for all web-based services, using TLS 1.1 or higher.
- All data access points and interfaces require both authentication and authorization, limiting access to only those parties who have a legitimate need for the provision of our services. Where possible, this will additionally require multi-factor authentication.
- Data is always securely destroyed using data deletion techniques outlined in DoD 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST 800-88 (“Guidelines for Media Sanitization”). Learn more here.
- EducationSuperHighway’s infrastructure runs in the cloud using third-party vendors that maintain security standards and compliance certifications, including SOC 2, ISO 27001, Federal Risk and Authorization Management Program (FedRAMP), PCI-DSS, HIPAA/HITECH, GDPR, FIPS 140-2, and NIST 800-171. Learn more here.
- We review all changes made to the source code underlying our products and services for potential flaws in logic, security, or otherwise. All changes are automatically scanned for known security vulnerabilities.
- System events, including but not limited to automatic systems operations, data access, and administrative actions, are automatically gathered into audit logs which are archived and regularly reviewed.
- Our staff stays current on the latest tools and techniques to enhance our security and privacy practices and adopts them where necessary.
- We ensure all EducationSuperHighway employees sign agreements barring any use of confidential information outside of the scope of their work. We provide security and technology use training to all employees.
- EducationSuperHighway uses Amazon Web Services (AWS) to host our infrastructure. AWS-hosted infrastructure resides in a dedicated Virtual Private Cloud (VPC), which is designed to ensure that only authorized traffic over approved ports is allowed. AWS data protection services provide encryption, key management, and threat detection that continuously monitors and protects accounts and workloads. AWS identifies threats by continuously monitoring the network activity and account behavior within the cloud environment and notifies us of changes in our activities or in our infrastructure.
- Our data exchange platform is only accessible by authorized parties. Public access to data stored in AWS S3 is blocked. User-level access is managed using AWS (Amazon Web Services) IAM Policies.
- User access to S3 buckets is controlled via an AWS Access Key ID and Secret Access Key. This method is highly secure, and the keys are used to sign programmatic requests made through the AWS Command Line Interface (CLI). Find more details here.