Since our AccuClass software is hosted on the AWS (Amazon Web Services) Cloud we would also like to include a link to the Amazon Cloud Security Documentation (PDF):
The database is hosted in the Amazon Cloud.
Yes. The database is stored in a US server in the Amazon cloud.
The data is backed up every 30 minutes and moved off site instantly.
Yes. You can download the information at anytime you want. We will never sell or share your student information.
Access to data is available for as long as your subscription to the service is active. Once the service becomes inactive (e.g. as a result of not renewing it when it expires) then access to the database stops upon expiration.
We have a manual to use in case of disaster. Also, we have a server image hosted on Amazon that allows us to restore the server and the backups in less than one hour. Please note that we can decide to use another procedure in case of disaster depending on the reason why the servers went down.
Yes. Data is always encrypted at rest in all accounts using SSL-encryption.
You can pull the data from the system at anytime using the Export feature available in AccuClass. This feature is only available to administrators.
No- we never had a data breach. We have been offering AccuClass as a service for 3 years and it has always been hosted in the Amazon. We offer the cloud solution to some of the TOP 15 biggest U.S. universities.
Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical and electronic access to data centers by Amazon employees is logged and audited routinely.
The firewall can be configured in groups permitting different classes of instances to have different rules, for example the case of a traditional three-tiered web application. The group for the web servers would have port 80 (HTTP) and port 443 (HTTPS) open to the world. The group for the application servers would have port 8000 (application specific) accessible only to the web server group. The group for the database servers would have port 3306 (MySQL) open only to the application server group. All three groups would permit administrative access on port 22 (SSH), but only from the customer's corporate network. Highly secure applications can be deployed using this expressive mechanism.
The firewall is controlled not by the host/instance itself, but requires the customer's X.509 certificate and key to authorize changes, thus adding an extra layer of security. Within EC2, the host administrator and cloud administrator can be separate people, permitting two man rule security policies to be enforced. In addition, AWS encourages customers to apply additional per-instance filters with host-based firewalls such as IPtables. This can restrict both inbound and outbound traffic on each instance.
Data stored in Amazon S3, Amazon SimpleDB, or Amazon Elastic Block Store is redundantly stored in multiple physical locations as a normal part of those services.
The database and its backups never leave the Amazon Cloud. They are stored internally in the Amazon backup servers. Passwords are the exception though; they are always encrypted using the best industry-standards.
The AWS network provides significant protection against traditional network security issues and the customer can implement further protection. The following are a few examples:
The customer's strict management of security groups can further mitigate the threat of port scans. If the customer configures the security group to allow traffic from any source to a specific port, then that specific port will be vulnerable to a port scan. In these cases, the customer must use appropriate security measures to protect listening services that may be essential to their application from being discovered by an unauthorized port scan. For example, a web server must clearly have port 80 (HTTP) open to the world, and the administrator of this server is responsible for ensuring the security of the HTTP server software, such as Apache.
AWS is working with a public accounting firm to ensure continued Sarbanes Oxley (SOX) compliance and attain certifications such as recurring Statement on Auditing Standards No. 70: Service Organizations, Type II (SAS70 Type II) certification. These certifications provide outside affirmation that AWS has established adequate internal controls and that those controls are operating efficiently. AWS will continue efforts to obtain the strictest of industry certifications in order to verify its commitment to provide a secure, world-class cloud computing environment.
Routine, emergency, and configuration changes to existing AWS infrastructure are authorized, logged, tested, approved, and documented in accordance with industry norms for similar systems. Updates to AWS’s infrastructure are done to minimize any impact on the customer and their use of the services. AccuClass Team will communicate with customers, either via email, or through the Engineerica Service Health Dashboard (https://www.engineerica.com/status/) when service use is likely to be adversely affected.
AccuClass does not store or receives any credit card information. All payments are processed via the third-party service PayPal and we only process the payment confirmation to renew the service. The AccuClass software itself does not, at any moment, process, transmit or handles any information that could potentially be subject of PCI compliance analysis.
Without limiting your obligations under the user agreement, we will implement reasonable and appropriate measures designed to help you secure Your Content against accidental or unlawful loss, access or disclosure. Engineerica Systems, Inc. will communicate the affected users and customers regarding any data breach within a reasonable time frame after it has knowledge of the incident.
You can download the information at anytime you want. We will never sell or share your student information. Access to data is available for as long as your subscription to the service is active. Once the service becomes inactive (e.g. as a result of not renewing it when it expires) then access to the database stops upon expiration.
Engineerica understands that student data and records are subject to the Family Educational Rights and Privacy Act ("FERPA"), 10 U.S.C. Section 1232g (collectively, the "FERPA Records"). As a result, Engineerica holds these records in strict confidence. Engineerica safeguards the FERPA Records according to commercially reasonable administrative, physical, and technical standards that are no less rigorous than the standards by which Engineerica protects its own confidential information.
Customer Data is destroyed from our primary database 30-45 days after the account expires if the customer doesn't express written intentions of renewing. Data may remain in external backups for an additional period of time during our backup retention period until it's fully destroyed. This process is no more than 60 days after the service is cancelled.
We have a manual to use in case of disaster. Also, we have a server image hosted on Amazon that allows us to restore the server and the backups in less than one hour. Please note that we can decide to use another procedure in case of disaster depending on the reason why the servers went down.
Please refer to AccuClass documentation website articles pertaining to User Management .
Please refer to AccuClass documentation website articles pertaining to the AccuClass API. Currently there are not any SSO (Single Sign-On) Integrations available for this product, but can be developed for a cost if needed. This includes LDAP / Active Directory, Shibboleth, SAML Authentication, or any other custom connectors that integrate with your Student Information Systems (SIS) such as Blackboard, PeopleSoft, Colleague, etc.