Data Security Policy
Data Center Security
- CourseArc is hosted on Amazon AWS, where many security measures are in place
- Physical access to the data site is highly restricted, logged, and monitored
- Multi-factor authentication is required to enter the data center
Protection from Data Loss
- CourseArc performs twice-daily data backups to a data site in a separate region
- Disaster Recovery exercises are carried out quarterly
- Each client has a segregated database to prevent corruption and overlap
Application Level Security
- User account passwords are hashed and must contain a lowercase letter, an uppercase letter, a number, and a special character
- All application requests are encrypted using TLS
- We perform weekly OWASP testing
Internal IT Security & Policies
- All employees and contractors are required to undergo a background check
- All employees and contractors with access to sensitive data are required to complete security and FERPA training annually
- Access to sensitive data is limited on an as-needed basis. Employees and contractors are prohibited from downloading sensitive data unless it is related to a client request, and they are trained on how to encrypt such data.
- CourseArc undergoes a SOC I Type 2 Audit annually. A report is available upon request.
If you discover a vulnerability in the CourseArc application, please contact firstname.lastname@example.org. This ensures that the Data Breach Response Team is notified and that the vulnerability is investigated thoroughly.
Data Breach Notification
If we have reason to believe that an unauthorized party has gained access to any unencrypted data that is not publicly available information, we will send out a notification of the breach. We will contact the Client’s designated main point(s) of contact via phone and email within 48 hours.
If you have any questions about data security or our data breach policy, please contact us by email at email@example.com.
Last Updated: June 18, 2021