Online Payment Processing Security
In order to accept online payments, SchoolAdmin integrates with several payment gateways and follows the security requirements and guidelines set by credit card companies and payment gateways (e.g. PCI compliance), along with additional measures that go above and beyond those requirements.
Handling of Secure Payment Details
Any credit card numbers or electronic check account / routing numbers that are provided to SchoolAdmin are immediately passed through to the payment gateway, and are never stored on disk in their complete form (encrypted or unencrypted).
Additionally, with certain payment gateways SchoolAdmin supports “redirect” style payment processing in which the payment details never actually reach SchoolAdmin servers, and instead are sent directly to the payment gateway.
PCI DSS Compliance
SchoolAdmin is certified as PCI DSS Compliant Level 4 via the TrustKeeper service provided by Trustwave. This involves a detailed security assessment (SAQ) as well as monthly system scans to ensure a high level of security.
PCI DSS stands for the “Payment Card Industry Data Security Standard”, and is required by credit card issuers to ensure that merchants meet minimum levels of security when they store, process and transmit cardholder data.
A summary and history of PCI DSS can be found here: Payment Card Industry Data Security Standard
Application Security & Monitoring
Web Connection Encryption
All web connections are encrypted and authenticated using TLS 1.2 with ECDHE_RSA with P-256 (a strong key exchange) and AES_256_GCM (a strong cipher). Web sessions cannot fall back to out-of-date protocols or use unencrypted connections.
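As an added illustration (this is example code, not SchoolAdmin's own configuration), the following Python builds a server-side TLS context that enforces the policy stated above (TLS 1.2 minimum, ECDHE-RSA key exchange on P-256, AES-256-GCM) and audits any context for deviations from it. The "legacy" context is constructed only so the audit has something to flag; the cipher names are OpenSSL's.

```python
import ssl

# OpenSSL name for the suite described above: ECDHE key exchange, RSA auth, AES-256-GCM.
ALLOWED_TLS12_SUITES = "ECDHE-RSA-AES256-GCM-SHA384"
# Substrings that mark suites the policy above does not permit.
WEAK_MARKERS = ("CBC", "RC4", "3DES", "DES-", "MD5", "NULL", "EXPORT", "ADH", "AECDH", "-SHA:")


def build_server_context(certfile=None, keyfile=None):
    """Return an SSLContext that only speaks TLS 1.2+ with the stated suite.

    certfile/keyfile are optional so the function can be exercised offline;
    a real deployment loads its certificate chain and private key here.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2    # no fallback to TLS 1.0/1.1
    ctx.set_ciphers(ALLOWED_TLS12_SUITES)           # TLS 1.2 suites: ECDHE_RSA + AES_256_GCM
    ctx.set_ecdh_curve("prime256v1")                # P-256 for the key exchange
    ctx.options |= ssl.OP_NO_COMPRESSION            # TLS compression off
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE  # server, not client, picks the suite
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def build_legacy_context():
    """Deliberately permissive context, constructed only to demonstrate the audit."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # A CBC/SHA-1 suite next to the approved one; minimum version left at the default.
    ctx.set_ciphers("ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384")
    return ctx


def audit_context(ctx):
    """Return the list of policy violations found in ctx (an empty list means compliant)."""
    problems = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append(f"minimum_version is {ctx.minimum_version.name}, expected TLSv1_2")
    names = [c["name"] for c in ctx.get_ciphers()]
    if "ECDHE-RSA-AES256-GCM-SHA384" not in names:
        problems.append("ECDHE-RSA-AES256-GCM-SHA384 is not enabled")
    for name in names:
        # Append ':' so the '-SHA:' marker can match a trailing '-SHA' (SHA-1 MAC) suite name.
        if any(marker in name + ":" for marker in WEAK_MARKERS):
            problems.append(f"weak suite enabled: {name}")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        problems.append("TLS compression is not disabled")
    return problems


if __name__ == "__main__":
    print("policy context:", audit_context(build_server_context()) or "compliant")
    print("legacy context:", audit_context(build_legacy_context()))
```

Note that `get_ciphers()` also lists the TLS 1.3 suites OpenSSL enables by default; those are all AEAD suites, so they pass the audit, and a deployment that wants to pin the front end to exactly the stated suite would additionally set `maximum_version`.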
Web Application Protection
The SchoolAdmin product uses page-specific tokens to prevent Cross-Site Request Forgery (CSRF) attacks. User input into the application is scrubbed to protect against cross-site scripting (XSS) attacks. Additionally, developers perform code reviews of all database-access code that is written, as an additional line of defense against possible vulnerabilities in the interaction between the web application and the database.
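The page-specific CSRF tokens mentioned above can be implemented without server-side token storage by binding an HMAC to the session and the page. The following is an added example (not SchoolAdmin's code); the session identifier, page path and `handle_form_post` handler are hypothetical, and the server secret is generated at start-up here where a real deployment would load a persistent key.

```python
import hashlib
import hmac
import json
import secrets
import time

# Server-side secret; a real deployment loads a persistent, per-environment key.
SERVER_SECRET = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 3600


def _mac(session_id, page_path, issued_at):
    # JSON keeps the three fields unambiguous (no separator collisions inside values).
    payload = json.dumps([session_id, page_path, issued_at], separators=(",", ":")).encode()
    return hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id, page_path, now=None):
    """Return a token valid only for this session, this page, and the next hour."""
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at}.{_mac(session_id, page_path, issued_at)}"


def verify_csrf_token(token, session_id, page_path, now=None):
    """True only if the token was issued for (session_id, page_path) and has not expired."""
    current = int(time.time() if now is None else now)
    try:
        issued_str, mac = token.split(".", 1)
        issued_at = int(issued_str)
    except (AttributeError, ValueError):
        return False
    if not 0 <= current - issued_at <= TOKEN_TTL_SECONDS:
        return False
    # Constant-time comparison so response timing does not leak the expected MAC.
    return hmac.compare_digest(_mac(session_id, page_path, issued_at), mac)


def handle_form_post(form, session_id, page_path, now=None):
    """Hypothetical handler: refuse the state change unless the token checks out."""
    token = form.get("csrf_token", "")
    if not verify_csrf_token(token, session_id, page_path, now):
        return 403, "CSRF token missing, expired, or not issued for this page"
    return 200, "form accepted"


if __name__ == "__main__":
    tok = issue_csrf_token("sess-abc", "/billing/pay")
    print(handle_form_post({"csrf_token": tok}, "sess-abc", "/billing/pay"))
    print(handle_form_post({"csrf_token": tok}, "sess-abc", "/settings/email"))
```

Because the page path is part of the MAC input, a token captured from one form cannot be replayed against a different form in the same session, which is the property that distinguishes page-specific tokens from a single per-session token.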
SchoolAdmin monitors the availability of the SchoolAdmin product and the individual services that the product depends on. The SchoolAdmin technical team is notified immediately should the product not respond to requests or if any of the underlying system services (e.g. memory cache, job processing queues) become unavailable. Additionally, the team is alerted to any software application exceptions that occur in the product, and has an operational process in place to investigate and fix any such issues.
Server Resource Monitoring
SchoolAdmin has monitors in place that track CPU, memory, and disk utilization on all production servers, and notifies the SchoolAdmin technical team when usage of those resources goes above pre-defined thresholds. This allows for early detection and remedy of situations that could cause the site to become temporarily unavailable due to resource consumption issues. Additionally, SchoolAdmin uses a performance monitoring tool in order to detect and notify the team of performance issues that could be symptomatic of an underlying resource contention problem.
The first line of defense in SchoolAdmin’s network security is firewalls that limit access to SchoolAdmin servers from the internet. The firewalls allow only secure https access to the company’s production web servers. For system maintenance, SchoolAdmin allows only ssh to the company’s production servers, and requires encryption; password ssh authentication is disallowed. No direct database access is permitted – all database interaction is via the SchoolAdmin web application using the provided interface, or over an encrypted ssh connection.
SchoolAdmin monitors security alerts and applies critical patches immediately and applies non-critical security patches within 2 weeks of their release.
Direct access to each server is monitored, and all file changes are logged and reported daily. All login requests are logged. Successive login failures result in the IP address being blocked. The SchoolAdmin system used by customers also provides extensive logging of user activity, including all logon/logoff actions and tracking of most specific actions taken while using the system.
SchoolAdmin staff regularly monitor the system for malicious activity. In addition, SchoolAdmin employs a number of automated tools, including the following: a network intrusion prevention and detection system (IDS/IPS); a tool that automatically blocks IP addresses that have too many system password failures; and an intrusion detection system that monitors important system files for unauthorized changes. Additionally, the SchoolAdmin system automatically locks user accounts after too many failed login attempts within a certain time period.
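The two controls described above (blocking a source IP after successive login failures, and locking an account after too many failures within a time window) can be run over an authentication log as a detection check. The following is an added example, not SchoolAdmin's tooling; the log format, the sample lines and the thresholds (5 failures, 10-minute window) are constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log format for this example: one line per login attempt.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) login (?P<result>OK|FAIL) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

# Constructed sample log (not real SchoolAdmin output).
SAMPLE_LOG = """\
2024-03-01T10:00:00Z login FAIL user=alice ip=198.51.100.7
2024-03-01T10:00:05Z login FAIL user=alice ip=198.51.100.7
2024-03-01T10:00:10Z login OK user=alice ip=198.51.100.7
2024-03-01T10:01:00Z login FAIL user=alice ip=203.0.113.5
2024-03-01T10:01:01Z login FAIL user=bob ip=203.0.113.5
2024-03-01T10:01:02Z login FAIL user=carol ip=203.0.113.5
2024-03-01T10:01:03Z login FAIL user=dave ip=203.0.113.5
2024-03-01T10:01:04Z login FAIL user=erin ip=203.0.113.5
2024-03-01T10:02:00Z login FAIL user=bob ip=192.0.2.10
2024-03-01T10:03:00Z login FAIL user=bob ip=192.0.2.11
2024-03-01T10:04:00Z login FAIL user=bob ip=192.0.2.12
2024-03-01T10:05:00Z login FAIL user=bob ip=192.0.2.13
2024-03-01T10:30:00Z login FAIL user=bob ip=192.0.2.14
"""


class LoginGuard:
    """Tracks failed logins per source IP (successive) and per account (sliding window)."""

    def __init__(self, ip_threshold=5, account_threshold=5, window_seconds=600):
        self.ip_threshold = ip_threshold
        self.account_threshold = account_threshold
        self.window_seconds = window_seconds
        self.ip_failures = defaultdict(int)         # successive failures, reset by a success
        self.account_failures = defaultdict(deque)  # failure timestamps inside the window
        self.blocked_ips = {}                       # ip -> time the block was triggered
        self.locked_accounts = {}                   # user -> time the lock was triggered

    def record(self, ts, result, user, ip):
        if result == "OK":
            self.ip_failures[ip] = 0                # a success breaks the failure streak
            return
        # Per-IP rule: successive failures from one address.
        self.ip_failures[ip] += 1
        if self.ip_failures[ip] >= self.ip_threshold and ip not in self.blocked_ips:
            self.blocked_ips[ip] = ts
        # Per-account rule: failures within the window, from any address.
        window = self.account_failures[user]
        window.append(ts)
        while (ts - window[0]).total_seconds() > self.window_seconds:
            window.popleft()
        if len(window) >= self.account_threshold and user not in self.locked_accounts:
            self.locked_accounts[user] = ts


def parse_line(line):
    """Return (timestamp, result, user, ip) for a well-formed line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return ts, m["result"], m["user"], m["ip"]


def analyze(log_text, **thresholds):
    """Replay a log through LoginGuard and return the guard with its decisions."""
    guard = LoginGuard(**thresholds)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            guard.record(*parsed)
    return guard


if __name__ == "__main__":
    g = analyze(SAMPLE_LOG)
    print("blocked IPs:", dict(g.blocked_ips))
    print("locked accounts:", dict(g.locked_accounts))
```

In the sample, 203.0.113.5 is blocked after five straight failures across different accounts, while bob is locked because five failures against his account arrive from five different addresses inside ten minutes; alice's two failures followed by a success trigger neither rule.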
Redundancy and Disaster Recovery
SchoolAdmin servers use the latest in redundant data storage components which allow for multiple equipment failures without loss of data. In some cases, entire servers are maintained as back-up to the primary servers.
SchoolAdmin’s database servers are configured with a master and multiple read-only slaves for redundancy. Access to the database is restricted by IP address and passwords with strict complexity requirements.
Offsite Data Back-up
SchoolAdmin creates back-up copies of all customer data every 2 hours with nightly versions stored for 30 days. The data is encrypted and stored in a different location than the database server. Thus, even in the event of total destruction of the SchoolAdmin data center, full back-up copies of all customer data are available.
SchoolAdmin maintains a disaster recovery plan which outlines the steps required in order to reconstruct the SchoolAdmin system in the event of system failure.
United States Data Center
Data Center Management
SchoolAdmin hosts all production operations for clients on the schooladminonline.com and schooladmin.one domains in a cloud environment operated by Rackspace & Amazon. Rackspace & Amazon provide redundant power, redundant internet access, strict climate control, and physical security. SchoolAdmin is responsible for configuring and maintaining the cloud computing instances.
Power / Network Uptime
Rackspace provides SLAs of 100% network and power uptime for cloud computing customers. Their network uptime guarantee is based on multiple redundant networks providing access to their data centers from nine different network providers.
Rackspace provides SLAs of 99.99% network and power uptime for cloud computing customers. Their network uptime guarantee is based on multiple redundant networks providing access to their data centers from multiple network providers.
Rackspace & Amazon rely on several layers of data security to protect physical assets like servers. Access to Rackspace & Amazon data centers is limited to Rackspace data center technicians, who in addition to traditional identification measures, are identified using biometric scanning. Every data center is monitored via security cameras and has 24x7 onsite staff to guard against unauthorized entry. Rackspace & Amazon data centers are unmarked to keep a low profile, and Rackspace & Amazon use an independent firm to audit physical security procedures.
Additional Rackspace information
Additional Amazon information
Canada Data Center
Data Center Management
SchoolAdmin hosts all its production operations for the schooladmin.ca domain in a cloud environment located in Montreal, Québec, operated by Amazon AWS infrastructure services. School data is not transferred outside of the cloud environment located in the region.
Amazon AWS provides redundant power, redundant internet access, strict climate control, and physical security. SchoolAdmin is responsible for configuring and maintaining the cloud computing instances.
Power / Network Uptime
Amazon AWS provides SLAs of 99.99% network and power uptime for cloud computing customers. Their 99.95% network uptime guarantee is based on multiple redundant networks providing access to their data centers from different network providers.
Amazon AWS relies on several layers of data security to protect physical assets like servers. Access to Amazon AWS data centers is limited to Amazon AWS data center technicians, who in addition to traditional identification measures, are identified using biometric scanning. Every data center is monitored via security cameras and has 24x7 onsite staff to guard against unauthorized entry. Amazon AWS uses an independent firm to audit physical security procedures.
Software Development Lifecycle
SchoolAdmin maintains a defined Software Development Lifecycle that contains the following:
- Traceable change management from requirements through deployment
- Segmentation of roles and separation of duties
- Multi-step review of all changes
- Automated checks and testing
- Controls on the deployment of software to production servers
SchoolAdmin maintains enforced and audited policies regarding access controls and device management, including but not limited to:
- NIST standard password management
- Multi-factor authentication
- Full disk encryption on all devices
- Limits with regular audits on systems access
- Tracking with remote lock and wipe capabilities on laptops
SchoolAdmin restricts and monitors physical access to company facilities.