The Importance of Data Security When It Comes to Student Privacy

Last Updated June 12, 2024

Corporate Policies & Procedures

About Us

SchoolStatus exclusively employs and contracts with people who agree to comply with certain legal requirements as outlined by our legal department. 

All employees and contractors are required to agree to and sign data confidentiality obligations that deal with the privacy and handling of SchoolStatus’ data and, more importantly, our customers’ data. 

When SchoolStatus hires new employees, they are required to submit to a federal and state-level criminal background investigation in addition to a check against the child abuse registry. Additionally, for employees with relevant professional licenses (e.g., Certified Public Accountants or teachers), we verify that those licenses are active and have no disqualifying disciplinary history.

Employee Single Sign-On

Our human resource information system (HRIS) is linked to our employee credential system to ensure that employees who are terminated immediately lose access to all SchoolStatus digital resources. 

We also employ single sign-on using a centralized directory with application entitlements. This ensures that when a user’s SchoolStatus account is terminated, the user immediately loses access to all other electronic resources (including email). 

Our single sign-on system also requires two-factor authentication: logging in to electronic resources requires not only a password but also a time-based, rotating one-time code. 

All workstations and mobile devices at SchoolStatus utilize whole disk encryption which helps prevent data from being gleaned from laptops or mobile devices that may have been stolen or otherwise compromised. 

SchoolStatus provides ongoing training and source code reviews to ensure customer data is handled in the most secure manner possible for the use case.

Need to Know Basis

Most importantly, Customer data is kept on a need-to-know basis. This means that Customer data is not allowed to be possessed or accessed by those who don’t need it for their jobs. 

Example 

An executive assistant may come in contact with data in a limited capacity during the normal course of duty for their job. They may see a teacher’s name mentioned in a technical support email, but they wouldn’t be able to access a Customer’s parent contact information because their day-to-day responsibilities don’t necessitate it. 

Example 

We restrict access to production data to a few who may need it to do their job. A junior programmer working on developing a part of our software would be provisioned an anonymized version of data as opposed to live access to Customer data. One could argue access to live data would be required for their job, but it is a better risk mitigation practice that they use anonymized data instead. 

Manual Data Transmission

We generally do not accept email traffic carrying attachments without Transport Layer Security (TLS) encryption. This helps prevent potentially sensitive data from being sent over insecure channels.

Physical Security

A surprising amount of data loss occurs through commercial burglary or other breakdowns in physical security (e.g., failing to shred sensitive documents). SchoolStatus does not receive data from Customers on physical media.

For any physical files that contain Customer data that we maintain, which are only maintained in our California location, we follow industry-accepted best practices regarding storage and access.

Physical Location Access

Access to our physical work locations requires a physical badge token that is unique to each employee and is not easily duplicated. This allows us to restrict physical access to our work locations immediately upon employee termination and ensure only those individuals needing access to our work locations have access. 

We do not routinely use removable storage (such as flash/USB drives), which removes the risk of such media being lost or stolen.

Data Architecture and Storage Security, Including Cloud Hosting

SchoolStatus uses a cloud-based Platform as a Service (PaaS) provider. Doing so allows us to innovate and keep the costs of our services low for our customers. By using our PaaS provider, SchoolStatus isn’t forced to build and maintain expensive telecommunications infrastructure or bear the expense of maintaining a data center. By leveraging the tools and capabilities our PaaS provider furnishes, we’re able to maintain geographic diversity (so that earthquakes, tornadoes, or other disasters do not make our service unavailable) and essentially unlimited scaling capability (so we can add Customers quickly and efficiently). 

Our configuration and legal agreement with our PaaS provider allows for the following: 

  • Data that is stored within SchoolStatus never leaves the United States and is never available to other companies. Our data is logically and physically separate from that of other companies running in the same data center. 
  • Because all datastores and files are configured to be encrypted at rest, it is computationally infeasible for a third party to read them even if they compromised the physical hardware on which our software runs.

Geographic Redundancy

SchoolStatus operates in multiple regions across the United States. Regions are designed for availability and consist of at least two, often more, Availability Zones. Availability Zones are designed for fault isolation. They are connected to multiple Internet Service Providers (ISPs) and different power grids. They are interconnected using high-speed links, so applications can rely on local area network (LAN) connectivity for communication between Availability Zones within the same region. 

SchoolStatus operates in two geographically diverse Regions, each having at least four Availability Zones. It is unlikely, but not impossible, that a natural disaster would render all of them unavailable. For this reason, we fully back up and snapshot our encrypted Customer data to a geographically diverse storage network that boasts 99.999999999% object durability. For example, if you store 10,000 backup objects, we can on average expect to lose a single object once every 10,000,000 years. Bottom line: permanent physical loss of Customer data is highly unlikely.

Shared Tenancy Controls

For purposes of economy of scale, most modern Software as a Service (SaaS) applications employ a multi-tenancy model—just as your school’s banking institution doesn’t operate a separate branch location and server devoted to just your school. Without this, SaaS applications would become too expensive to develop and maintain, and therefore too expensive for schools to use. Instead of running our platform on a new server for each customer, we run it on shared resources. We provide logical software controls to keep your data from being available to non-authorized individuals. 

SchoolStatus’ products have been architected to provide logical separation using globally unique, non-repeating 128-bit identifiers assigned to each district and school. These are used to determine data ownership for every data point stored with us. When a user logs in to our platform, we set the user’s scope to allow access to, and only to, their district’s data as delineated by its 128-bit identifier. This occurs at the data store level, so that even if a user were able to compromise our code base, they would still be unable to access another district’s data.
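The following is an added illustration of the scoping described above, written for this page and not SchoolStatus' own code. It models a per-session district scope that is enforced inside the data store (here an in-memory SQLite database; a production system would use a mechanism such as database row-level security bound to a session variable, which is an assumption on our part). All district identifiers and student rows are constructed sample data. Application code only ever queries the scoped view, so a bug that passes another district's record id still returns nothing.

```python
import sqlite3

# Constructed sample identifiers: 128-bit values written as 32 hex characters.
# They do not correspond to any real district.
DISTRICT_A = "3f1c9b2e4d5a4c7b8e9f0a1b2c3d4e5f"
DISTRICT_B = "9a8b7c6d5e4f4a3b2c1d0e9f8a7b6c5d"

# Constructed sample rows: (student id, owning district id, name).
SAMPLE_STUDENTS = [
    ("s-100", DISTRICT_A, "Ada"),
    ("s-101", DISTRICT_A, "Grace"),
    ("s-200", DISTRICT_B, "Linus"),
]


def open_scoped_connection(district_id: str) -> sqlite3.Connection:
    """Open an in-memory store and pin this connection to one district.

    The caller's district is written once into a connection-local table, and
    every application query goes through the `scoped_students` view, which
    joins against that row. The filter therefore lives in the data store
    rather than being repeated (and possibly forgotten) in each query.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE students ("
        "id TEXT PRIMARY KEY, district_id TEXT NOT NULL, name TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO students VALUES (?, ?, ?)", SAMPLE_STUDENTS)

    # Session scope: exactly one row, set at login for this connection only.
    conn.execute("CREATE TEMP TABLE session_scope (district_id TEXT NOT NULL)")
    conn.execute("INSERT INTO session_scope VALUES (?)", (district_id,))

    # A temp view may reference temp tables; every SELECT below uses it.
    conn.execute(
        """
        CREATE TEMP VIEW scoped_students AS
        SELECT s.id, s.district_id, s.name
        FROM students AS s
        JOIN session_scope AS sc ON sc.district_id = s.district_id
        """
    )
    return conn


def get_student(conn: sqlite3.Connection, student_id: str):
    """Look up one student by id; returns None if the row is outside scope."""
    row = conn.execute(
        "SELECT id, name FROM scoped_students WHERE id = ?", (student_id,)
    ).fetchone()
    return None if row is None else {"id": row[0], "name": row[1]}


def list_students(conn: sqlite3.Connection) -> list:
    """Names visible to this session, i.e. only the session's district."""
    return [r[0] for r in conn.execute("SELECT name FROM scoped_students ORDER BY name")]


if __name__ == "__main__":
    conn_a = open_scoped_connection(DISTRICT_A)
    print("district A sees:", list_students(conn_a))
    # An application bug hands district A a district B record id:
    print("cross-district lookup:", get_student(conn_a, "s-200"))
```

Run it directly to see district A's list and the `None` returned for the foreign record id. The point of the temp-table-plus-view arrangement is that the district predicate is attached to the connection at login, so no later query can omit it.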

Remote Server Access

We follow industry-accepted practices regarding server access. Access rules and routing rules are in place to prevent access to the servers that run our application except through traffic load balancers. All other access is prevented. 

Our application and database servers are logically separated into their own private container and layer 2 network. All traffic inbound and outbound is tightly controlled through a defined set of rules to defined destinations. Servers that serve internal functions and aren’t serving up public SSL traffic are generally not allowed to access the public internet.

Logging

In addition to logging which end-users access which students’ records, we also log all servers to a central location in a read-only fashion. There is no capacity to alter or delete a log entry once it has been written. All SSH, VPN, remote access, and other system events are monitored for anomalies. Server access logs are retained for at least one year; end-user logs are retained in perpetuity.

2-Factor Authentication

In addition to traditional usernames and complex passwords, administrative access to our software and systems requires a second security credential. This credential is a numeric one-time code that rotates every 30 seconds, generated by the time-based algorithm outlined in RFC 6238. Guessing this credential by brute force is unlikely to succeed, and generating it requires an authenticator holding a secret unique to each staff member, typically stored on a mobile phone. This process provides assurance that even if a staff member’s password is compromised, dubious third parties are unable to access our systems without also having access to the user’s mobile phone. Likewise, having access to just the mobile phone without the user’s password is equally useless. 

All SchoolStatus information systems, including email, also use two-factor authentication in the same manner.

Antivirus, Antimalware & Software Updates

All SchoolStatus workstations, servers, and other systems are protected by antivirus and antimalware services. The state of these services is closely monitored, and disabling them is, by design, difficult and time-consuming. 

Servers whose antivirus and antimalware capabilities have been turned off trigger an alert almost immediately, to prevent remote-access software from being installed surreptitiously. 

Software updates are applied automatically and monitored for compliance on a regular schedule. Servers are routinely updated to the latest server and software components to patch known software vulnerabilities.

Calling Practices and Privacy

Some types of calls and messages from a school impact the health and safety of students and faculty. SchoolStatus operates in compliance with the Telephone Consumer Protection Act (TCPA), which states that in emergency situations auto-dialed calls or automated texts to student and family wireless phones are necessary and may happen without consent. 

Situations where school callers may send auto-dialed calls and automated text messages:

  • Weather closures
  • Fire
  • Health risks
  • Threats
  • Unexcused absences

When a student or parent provides their phone number to the school, the scope of consent includes communication related to the educational mission of the school. School callers may also make automated calls in non-emergency cases such as notification of an upcoming teacher conference or general school activity with the understanding that the recipient expressed consent when they provided their telephone number to the school district.