Safeguarding Student Privacy

SchoolStatus’ Comprehensive Approach to Data Security

Protecting data—especially student data—is of paramount importance. SchoolStatus demonstrates an unwavering commitment to data security for all of our partners through the dynamic application of robust protocols, training, and multi-layered protection systems designed specifically for safeguarding your sensitive information. By implementing rigorous security measures across corporate policies, physical security, data architecture, and software security implementation, SchoolStatus ensures that student privacy remains protected while enabling educators to leverage valuable data insights to improve student outcomes.

SchoolStatus works with industry-leading providers to protect your data. We maintain administrative, physical, and technical safeguards designed to protect the confidentiality, security, integrity, availability, and privacy of any Personal Data stored by SchoolStatus or its Affiliates. 

Learn more about how we store, process, and secure your information below:

Compliance and Certifications

SchoolStatus is proud to participate in SOC2 Type II auditing and reporting and is certified by both 1EdTech and iKeepSafe. As indicated by our iKeepSafe certifications, SchoolStatus is compliant with applicable laws, including FERPA and COPPA. In addition to our written privacy policy, we maintain staff training requirements, data sharing restrictions, and parents’ rights procedures. We comply with data retention and data deletion best practices and legal requirements.

Scanning, Assessments, and Testing

We maintain a vulnerability scanning program, perform regular penetration testing, and have annual security assessments. This means that we double-check our work with an external group that looks for mistakes that put your data at risk. When they identify issues, we quickly remediate them and retest to ensure resolution.

Data Centers

SchoolStatus’s products are hosted at data centers based in the United States, running on Amazon Web Service (AWS), Heroku, and Linode infrastructure. These data centers provide physical security around the clock, state-of-the-art fire suppression, redundant utilities, and Internet connections to ensure that our customers’ data is available, safe, and secure.

Network Security

Securing data in transit and data at rest is crucial for protecting sensitive information from unauthorized access, ensuring confidentiality and integrity throughout its journey and while stored, and we utilize NIST (National Institute of Standards and Technology) recommended standards for encrypting your data.

Encryption Detail

Data in transit is at TLS 1.2 or higher. Data at rest uses AES-256 bit or equivalent encryption, while all client-server communication uses secure means (HTTPS, SFTP, etc.). SchoolStatus maintains documented encryption key management procedures and secure key storage and rotation policies. Upon a contract and execution of an NDA, SchoolStatus will provide additional information.

System Security

We’re consistently updating our systems to protect your data. Our virtual systems are refreshed regularly with the latest images to ensure up-to-date patching and to reduce the window of a potential compromise.

Restricted Access and Access Controls

Our policy is that only people who need access, get access. Access to systems that hold and process sensitive data is limited to necessary staff based on the principle of least privilege. We log all accesses to identify irregularities and mitigate them quickly. We maintain role-based access control policies, perform regular access reviews, and have automated account deactivation procedures. Our products support SAML-based single sign-on (SSO).

Reliability

We use scalable cloud technology to maintain a high level of uptime. If an individual data center fails, our systems keep going.

Data Backup

We back up and test our backups on a regular basis. In the unlikely event of an incident, we restore our systems in the least time possible. 

The Importance of Data Security When It Comes to Student Privacy

You may also find additional details about our approach to data privacy, such as Employee Single Sign On, Physical Security policies, and Data Storage Security in our June 2024 article, “The Importance of Data Security When It Comes to Student Privacy.”

SchoolStatus Terms of Service

Our full Terms of Service is available here, as well as in our Data Processing Addendum here.

SchoolStatus Privacy Policy

Our Privacy Policy can be read here.

SchoolStatus’  approach to data security reflects our deep understanding of the critical importance of protecting student information in the educational technology space. From employing two-factor authentication and strict access controls to maintaining geographic redundancy and compliance with numerous privacy laws and frameworks including NIST, we have built a security infrastructure that meets industry standards. 

We are dedicated to improving your student outcomes while maintaining industry-accepted standards of data security for your employees, families, and students. Our commitment to prioritizing data security and protecting sensitive information fosters lasting partnerships built on trust.