Security & Availability
Online Payment Processing Security
In order to accept online payments, SchoolAdmin integrates with several payment gateways and follows the security requirements and guidelines mandated by credit card companies and payment gateways (e.g. PCI DSS compliance), along with additional measures that go beyond those requirements.
Handling of Secure Payment Details
Any credit card numbers or electronic check account/routing numbers that are provided to SchoolAdmin are immediately passed through to the payment gateway and are never stored on disk in their completed form (encrypted or unencrypted).
Additionally, with certain payment gateways, SchoolAdmin supports “redirect” style payment processing in which the payment details never actually reach SchoolAdmin servers, and instead are sent directly to the payment gateway.
PCI DSS Compliance
SchoolAdmin is certified as PCI DSS Compliant Level 4 via the TrustKeeper service provided by TrustWave. This involves a detailed Self-Assessment Questionnaire (SAQ) as well as a monthly system scan to ensure a high level of security.
PCI DSS stands for the “Payment Card Industry Data Security Standard”, and is required by credit card issuers to ensure that merchants meet minimum levels of security when they store, process and transmit cardholder data.
A summary and history of PCI DSS can be found here: Payment Card Industry Data Security Standard
Application Security & Monitoring
Web Connection Encryption
All web connections are encrypted and authenticated using TLS 1.2 with ECDHE_RSA over P-256 (a strong key exchange) and AES_256_GCM (a strong cipher). Web sessions cannot fall back to out-of-date protocols or use unencrypted connections.
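As an added example (not SchoolAdmin's code), the following builds a client-side TLS context that enforces the policy stated above (TLS 1.2 or newer, ECDHE key exchange on P-256, AES-256-GCM only) and a pure check that grades a negotiated protocol/cipher pair against it, so handshake results captured from a scan can be audited offline; the OpenSSL suite name and the hypothetical function names are assumptions.

```python
import ssl

# The policy as stated on the page, in OpenSSL cipher-suite naming (assumption:
# ECDHE_RSA + AES_256_GCM corresponds to this single TLS 1.2 suite).
ALLOWED_SUITES = {"ECDHE-RSA-AES256-GCM-SHA384"}
MIN_VERSION = ssl.TLSVersion.TLSv1_2


def build_client_context() -> ssl.SSLContext:
    """Hardened client context: no downgrade to TLS 1.0/1.1 and no weak suites."""
    ctx = ssl.create_default_context()          # certificate verification stays on
    ctx.minimum_version = MIN_VERSION           # refuse fallback to old protocols
    ctx.set_ciphers(":".join(ALLOWED_SUITES))   # ECDHE-RSA with AES-256-GCM only
    ctx.set_ecdh_curve("prime256v1")            # P-256 for the ECDHE exchange
    return ctx


def context_cipher_names(ctx: ssl.SSLContext) -> set:
    """TLS 1.2 suites the context will actually offer, for auditing the config.
    (TLS 1.3 suites are listed separately by OpenSSL and are unaffected.)"""
    return {c["name"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.2"}


def meets_policy(protocol: str, cipher: str) -> bool:
    """Grade a negotiated pair, e.g. SSLSocket.version() and SSLSocket.cipher()[0],
    against the stated policy. TLS 1.3 suites always use ephemeral (EC)DHE, so
    only the AEAD part is checked there."""
    if protocol == "TLSv1.3":
        return cipher == "TLS_AES_256_GCM_SHA384"
    if protocol == "TLSv1.2":
        return cipher in ALLOWED_SUITES
    return False  # TLS 1.0/1.1/SSLv3 or plaintext: policy violation


if __name__ == "__main__":
    # Constructed sample results, as a scanner might record them.
    samples = [("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384"),
               ("TLSv1.1", "ECDHE-RSA-AES256-GCM-SHA384"),
               ("TLSv1.2", "AES256-SHA")]
    for proto, suite in samples:
        print(proto, suite, "OK" if meets_policy(proto, suite) else "VIOLATION")
```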
Web Application Protection
The SchoolAdmin product uses page-specific tokens to protect against Cross-Site Request Forgery (CSRF) attacks. User input into the application is sanitized to protect against cross-site scripting (XSS) attacks. The application is regularly checked via third-party scans to ensure compliance. Additionally, developers perform code reviews on all database access functionality that is written, as an additional line of defense against possible vulnerabilities in the connection between the web application and the database.
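One way to implement the page-specific CSRF tokens mentioned above, as an added example that is not SchoolAdmin's code: each token is an HMAC bound to both the user's session and the page (form path) it was issued for, so a token issued for one page is rejected on every other page and in every other session; the key handling and function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret; a real deployment loads this from a secret store.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str, page_path: str, key: bytes = SERVER_KEY) -> str:
    """Derive a token bound to (session, page). Stateless: nothing is stored server-side."""
    msg = f"{session_id}|{page_path}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_csrf_token(token: str, session_id: str, page_path: str,
                      key: bytes = SERVER_KEY) -> bool:
    """Recompute for the page actually being submitted to and compare in constant time."""
    expected = issue_csrf_token(session_id, page_path, key)
    return hmac.compare_digest(token, expected)


def handle_form_post(session_id: str, page_path: str, form: dict) -> str:
    """Where the check sits in a request handler: reject before touching any state."""
    token = form.get("csrf_token", "")
    if not verify_csrf_token(token, session_id, page_path):
        return "403 Forbidden: CSRF token missing or not valid for this page"
    return "200 OK: form accepted"


if __name__ == "__main__":
    # Constructed session and pages.
    sid = "sess-8f1c"
    tok = issue_csrf_token(sid, "/billing/pay")
    print(handle_form_post(sid, "/billing/pay", {"csrf_token": tok}))
    print(handle_form_post(sid, "/account/delete", {"csrf_token": tok}))
```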
SchoolAdmin monitors the availability of the SchoolAdmin product and the individual services that the product depends on. The SchoolAdmin technical team is notified immediately should the product not respond to requests or if any of the underlying system services (e.g. data stores, job processing queues) become unavailable. Additionally, the team is alerted to any software application exceptions that occur in the product and has an operational process in place to investigate and fix any such issues.
Server Resource Monitoring
SchoolAdmin has monitors in place that track CPU, memory, and disk utilization on all production servers and notify the SchoolAdmin technical team when the usage of those resources goes above pre-defined thresholds. This allows for early detection and remedy of situations that could otherwise cause the site to become temporarily unavailable due to resource exhaustion.
Firewalls and server access
SchoolAdmin's network architecture allows only secure and authorized access to the company's production application network and servers. All server interaction is restricted via security groups, and no direct database access is permitted via public internet routes.
SchoolAdmin applies new security patches to all web servers automatically within 24 hours of their release.
SchoolAdmin staff regularly monitor the system for unusual and malicious activity. Additionally, the SchoolAdmin system automatically locks user accounts after too many failed login attempts within a certain time period.
Within 2 business days of discovery, we will report any security breach to the controller of the data (the school or organization). "Security breach" means any unauthorized access, use, or disclosure of confidential information. A security breach does not include: (a) "pings" on a system firewall; (b) port scans; (c) security scans; (d) attempts to log on to information systems with an invalid password or user name; (e) denial-of-service attacks; (f) malware that does not result in unauthorized access, use, or disclosure of confidential information. SchoolAdmin may delay notification if advised to do so by law enforcement agencies, or in order to ascertain the scope of the breach.
Software Development Lifecycle
SchoolAdmin maintains a defined Software Development Lifecycle that contains the following:
Traceable change management from requirements through deployment
Segmentation of roles and separation of duties
Automated checks for policy compliance
Extensive automated quality testing
Multi-step human reviews on all changes
Controls on the deployment of software to production servers
SchoolAdmin maintains enforced and audited policies regarding access controls and device management, including but not limited to:
Full disk encryption on all devices
Limits on systems access with regular audits
Tracking with remote lock and wipe capabilities on laptops
Restriction and monitoring of physical access to company facilities
Redundancy and Disaster Recovery
SchoolAdmin servers use the latest in redundant data storage components which allow for multiple equipment failures without loss of data. In some cases, entire servers are maintained as back-up to the primary servers.
SchoolAdmin’s database servers are configured with primary and secondary server tiers for redundancy.
In addition to maintaining secondary database servers with real-time redundancy, SchoolAdmin takes automated database backups and stores them separately. Backups are stored in multiple geographic locations. Thus, even in the event of total destruction of a SchoolAdmin data center, full backup copies of all customer data are available. Database backups are always encrypted at rest and in transit. SchoolAdmin retains backups for 90 days.
SchoolAdmin maintains a disaster recovery plan which outlines the steps required in order to reconstruct the SchoolAdmin system in the event of system failure.
Data Center Management
Data Center Locations
SchoolAdmin hosts production environments for schooladminonline.com and schooladmin.one in a cloud environment operated by Amazon AWS infrastructure services, with primary servers located in Virginia.
SchoolAdmin hosts production environments for the schooladmin.ca domain in a cloud environment operated by Amazon AWS infrastructure services, with servers located in Québec.
School data is not transferred across country borders from the primary hosting location (for example, Canada data stays in Canada).
Power / Network Uptime
Amazon AWS provides SLAs of 99.99% uptime for network and power for cloud computing customers. This SLA is based on multiple redundant networks providing access to their data centers from different network providers.
Amazon AWS relies on several layers of data security to protect physical assets like servers. Access to Amazon AWS data centers is limited to Amazon AWS data center technicians, who, in addition to traditional identification measures, are identified using biometric scanning. Every data center is monitored via security cameras and has 24x7 onsite staff to guard against unauthorized entry. Amazon AWS uses an independent firm to audit physical security procedures.