Security & Availability
Online Payment Processing Security
In order to accept online payments, SchoolAdmin integrates with several payment gateways and follows the security requirements and guidelines mandated by credit card companies and payment gateways (e.g. PCI compliance), along with additional measures that go above and beyond those requirements.
Handling of Secure Payment Details
Any credit card numbers or electronic check account / routing numbers that are provided to SchoolAdmin are immediately passed through to the payment gateway, and are never stored on disk in their complete form (encrypted or unencrypted).
Additionally, with certain payment gateways SchoolAdmin supports “redirect” style payment processing in which the payment details never actually reach SchoolAdmin servers, and instead are sent directly to the payment gateway.
PCI DSS Compliance
SchoolAdmin is certified as PCI DSS Compliant Level 4 via the TrustKeeper service provided by TrustWave. This involves a detailed security self-assessment questionnaire (SAQ) as well as monthly system scans to ensure a high level of security.
PCI DSS stands for the “Payment Card Industry Data Security Standard”, and is required by credit card issuers to ensure that merchants meet minimum levels of security when they store, process and transmit cardholder data.
A summary and history of PCI DSS can be found here: Payment Card Industry Data Security Standard
Application Security & Monitoring
Web Connection Encryption
All web connections are encrypted and authenticated using TLS 1.2 with ECDHE-RSA key exchange over the P-256 curve (a strong key exchange) and the AES-256-GCM cipher (a strong cipher). Web sessions cannot fall back to out-of-date protocols or use unencrypted connections.
Web Application Protection
The SchoolAdmin product uses page-specific tokens to prevent Cross-Site Request Forgery (CSRF) attacks. User input into the application is scrubbed to protect against cross-site scripting (XSS) attacks. The application is regularly checked via third-party scans to ensure compliance. Additionally, developers perform code reviews on all database access code that is written, as an additional line of defense against possible vulnerabilities in the connection between the web application and the database.
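The page-specific CSRF token mentioned above can be implemented by binding an HMAC to both the session and the page path, so a token leaked from one form cannot be replayed against another. This is an added illustration, not SchoolAdmin's own code; the secret, session id and page paths are constructed placeholders.

```python
import hmac
import hashlib
import secrets

# Constructed placeholder: in production load the key from a secrets store.
SERVER_SECRET = b"constructed-demo-secret-not-for-production"


def _mac(session_id: str, page_path: str, nonce: str) -> str:
    # Length-prefix each field so "a|b" cannot be confused with "a" + "|b".
    msg = f"{len(session_id)}:{session_id}{len(page_path)}:{page_path}{nonce}"
    return hmac.new(SERVER_SECRET, msg.encode(), hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str, page_path: str) -> str:
    """Return a token bound to this session and this page.

    token = nonce "." HMAC(secret, session_id || page_path || nonce)
    The nonce makes every issued token unique; the MAC ties it to the
    authenticated session and to the page whose form it protects.
    """
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, page_path, nonce)}"


def verify_csrf_token(token: str, session_id: str, page_path: str) -> bool:
    """Check a submitted token against the session and the page being posted to.

    Uses a constant-time comparison so an attacker cannot learn the MAC
    byte by byte from response timing.
    """
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:
        return False
    return hmac.compare_digest(mac, _mac(session_id, page_path, nonce))
```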
SchoolAdmin monitors the availability of the SchoolAdmin product and the individual services that the product depends on. The SchoolAdmin technical team is notified immediately should the product not respond to requests or if any of the underlying system services (e.g. memory cache, job processing queues) become unavailable. Additionally, the team is alerted to any software application exceptions that occur in the product, and has an operational process in place to investigate and fix any such issues.
Server Resource Monitoring
SchoolAdmin has monitors in place that track CPU, memory, and disk utilization on all production servers, and notifies the SchoolAdmin technical team when usage of those resources goes above pre-defined thresholds. This allows for early detection and remedy of situations that could cause the site to become temporarily unavailable due to resource consumption issues. Additionally, SchoolAdmin uses a performance monitoring tool in order to detect and notify the team of performance issues that could be symptomatic of an underlying resource contention problem.
Firewalls and server access
All firewalls allow only secure access to the company’s production application servers. All server interaction is restricted via security groups and no direct database access is permitted via public internet routes.
SchoolAdmin monitors security alerts and applies critical patches immediately and applies non-critical security patches within 2 weeks of their release.
Direct access to each server is monitored, and all file changes are logged and reported daily. All login requests are logged. Successive login failures result in the IP address being blocked. The SchoolAdmin system used by customers also provides extensive logging of user activity, including all logon/logoff actions and most specific actions taken while using the system.
SchoolAdmin staff regularly monitor the system for malicious activity. In addition, SchoolAdmin employs a number of automated tools, including the following: a network intrusion prevention and detection system (IDS/IPS); a tool that automatically blocks IP addresses that have too many system password failures; and an intrusion detection system that monitors important system files for unauthorized changes. Additionally, the SchoolAdmin system automatically locks user accounts after too many failed login attempts within a certain time period.
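The two controls above (blocking an IP after repeated password failures, and locking an account after too many failures within a time period) can be expressed as sliding-window counters over the login log. This is an added example, not SchoolAdmin's tooling; the log format, thresholds and window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <user> <source IP> <OK|FAIL>"
SAMPLE_LOG = """\
2024-03-01T10:00:01 alice 203.0.113.7 FAIL
2024-03-01T10:00:05 alice 203.0.113.7 FAIL
2024-03-01T10:00:09 alice 203.0.113.7 FAIL
2024-03-01T10:00:12 bob 203.0.113.7 FAIL
2024-03-01T10:00:15 carol 203.0.113.7 FAIL
2024-03-01T10:00:20 bob 198.51.100.4 OK
2024-03-01T10:00:25 dave 198.51.100.9 FAIL
2024-03-01T10:30:00 dave 198.51.100.9 FAIL
2024-03-01T11:00:00 dave 198.51.100.9 FAIL
"""

IP_THRESHOLD = 5       # assumed: failures from one IP within WINDOW -> block IP
ACCOUNT_THRESHOLD = 3  # assumed: failures for one account within WINDOW -> lock account
WINDOW = timedelta(minutes=10)


def analyze(log_text: str):
    """Return (blocked_ips, locked_accounts) after replaying the log.

    Both counters are needed: a per-account lock alone misses password
    spraying (one IP, many accounts), while a per-IP block alone misses a
    single account attacked from many IPs.
    """
    ip_fails = defaultdict(deque)
    acct_fails = defaultdict(deque)
    blocked_ips, locked_accounts = set(), set()
    for line in log_text.splitlines():
        ts_s, user, ip, result = line.split()
        if result != "FAIL":
            continue
        ts = datetime.fromisoformat(ts_s)
        for key, table in ((ip, ip_fails), (user, acct_fails)):
            q = table[key]
            q.append(ts)
            while q and ts - q[0] > WINDOW:   # drop failures outside the window
                q.popleft()
        if len(ip_fails[ip]) >= IP_THRESHOLD:
            blocked_ips.add(ip)
        if len(acct_fails[user]) >= ACCOUNT_THRESHOLD:
            locked_accounts.add(user)
    return blocked_ips, locked_accounts
```

In the sample, 203.0.113.7 trips the IP block by spraying three accounts, alice is locked after three quick failures, and dave's three failures spread over an hour trigger nothing.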
Within forty-eight (48) hours of discovery, we will report any security breach to the controller of the data (the school or organization). "Security breach" means any unauthorized access, use, or disclosure of confidential information. Security breaches do not include: (a) "pings" on a system firewall; (b) port scans; (c) attempts to log on to an information system with an invalid password or user name; (d) denial-of-service attacks; (e) malware that does not result in unauthorized access, use, or disclosure of confidential information. SchoolAdmin may delay notification if advised to do so by law enforcement agencies.
Software Development Lifecycle
SchoolAdmin maintains a defined Software Development Lifecycle that contains the following:
Traceable change management from requirements through deployment
Segmentation of roles and separation of duties
Multi-step review of all changes
Automated checks and testing, including vulnerability scans
Controls on the deployment of software to production servers
SchoolAdmin maintains enforced and audited policies regarding access controls and device management, including but not limited to:
Full disk encryption on all devices
Limits with regular audits on systems access
Tracking with remote lock and wipe capabilities on laptops
SchoolAdmin restricts and monitors physical access to company facilities.
Redundancy and Disaster Recovery
SchoolAdmin servers use the latest in redundant data storage components which allow for multiple equipment failures without loss of data. In some cases, entire servers are maintained as back-up to the primary servers.
SchoolAdmin’s database servers are configured with a primary and multiple read-only secondary servers for redundancy.
Offsite Data Back-up
SchoolAdmin creates back-up copies of all customer data every 2 hours with nightly versions stored for a minimum of 30 days. The back-up data is encrypted and stored in a different location than the database server. Thus, even in the event of total destruction of the SchoolAdmin data center, full back-up copies of all customer data are available.
SchoolAdmin maintains a disaster recovery plan which outlines the steps required in order to reconstruct the SchoolAdmin system in the event of system failure.
Data Center Management
Data Center Locations
SchoolAdmin hosts production environments for schooladminonline.com and schooladmin.one in a cloud environment operated by Amazon AWS infrastructure services, with primary servers located in Virginia.
SchoolAdmin hosts production environments for the schooladmin.ca domain in a cloud environment operated by Amazon AWS infrastructure services, with servers located in Québec.
School data is not transferred across country borders from the primary hosting location (for example, Canada data stays in Canada).
Power / Network Uptime
Amazon AWS provides SLAs of 99.99% uptime for network and power for cloud computing customers. Their 99.95% network uptime guarantee is based on multiple redundant networks providing access to their data centers from different network providers.
Amazon AWS relies on several layers of data security to protect physical assets like servers. Access to Amazon AWS data centers is limited to Amazon AWS data center technicians, who in addition to traditional identification measures, are identified using biometric scanning. Every data center is monitored via security cameras and has 24x7 onsite staff to guard against unauthorized entry. Amazon AWS uses an independent firm to audit physical security procedures.