Since our Accudemia software is hosted on the AWS (Amazon Web Services) Cloud, we would also like to include a link to the Amazon Cloud Security Documentation (PDF):
The database is hosted in the Amazon Cloud.
Yes. The database is stored in a US server in the Amazon cloud.
The data is backed up every 30 minutes and moved off site instantly.
Login screens are always encrypted using an industry-standard SSL certificate, and any other information in transit is also protected with SSL encryption.
Yes. You can download the information at any time you want. We will never sell or share your student information.
Access to data is available for as long as your subscription to the service is active. Once the service becomes inactive (e.g. as a result of not renewing it when it expires) then access to the database stops upon expiration.
We have a manual to use in case of disaster. Also, we have a server image hosted on Amazon that allows us to restore the server and the backups in less than one hour. Please note that we can decide to use another procedure in case of disaster depending on the reason why the servers went down.
Yes. Data is always encrypted at rest in all accounts using SSL encryption.
You can pull the data from the system at any time using the Export feature available in Accudemia. This feature is only available to administrators.
No, we have never had a data breach that we are aware of. We have been offering Accudemia as a service for 10 years, and it has been hosted in the Amazon cloud for the past 4 years. We offer the cloud solution to some of the top 15 biggest U.S. universities.
Amazon has many years of experience in designing, constructing, and operating large-scale data centers. You can check their current uptime here:
https://health.aws.amazon.com/health/status
Amazon EC2 offers a highly reliable environment where replacement instances can be rapidly and predictably commissioned. The service runs within Amazon’s proven network infrastructure and data centers. The Amazon EC2 Service Level Agreement commitment is 99.99% availability for each Amazon EC2 Region.
In-transit data, such as login screens, is always encrypted using an industry-standard SSL certificate, as is any other information in transit, using SSL encryption.
Data at rest is always encrypted in all Accudemia accounts using SSL encryption.
Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical and electronic access to data centers by Amazon employees is logged and audited routinely.
Data stored in Amazon S3, Amazon SimpleDB, or Amazon Elastic Block Store is redundantly stored in multiple physical locations as a normal part of those services.
SSL is used to encrypt and protect the information while it is being sent over the Internet, from our server to your local computer. The database and its backups, however, never leave the Amazon Cloud; they are stored internally in the Amazon backup servers. Passwords are the exception, though; they are always encrypted using the best industry standards.
API calls to launch and terminate instances, change firewall parameters, and perform other functions are all signed by an X.509 certificate or the customer's Amazon Secret Access Key. Without access to the customer's Secret Access Key or X.509 certificate, Amazon EC2 API calls cannot be made on their behalf. In addition, API calls can be encrypted in transit with SSL to maintain confidentiality. Amazon recommends always using SSL-protected API endpoints.
The AWS network provides significant protection against traditional network security issues and the customer can implement further protection. The following are a few examples:
The customer's strict management of security groups can further mitigate the threat of port scans. If the customer configures the security group to allow traffic from any source to a specific port, then that specific port will be vulnerable to a port scan. In these cases, the customer must use appropriate security measures to protect listening services that may be essential to their application from being discovered by an unauthorized port scan. For example, a web server must clearly have port 80 (HTTP) open to the world, and the administrator of this server is responsible for ensuring the security of the HTTP server software, such as Apache.
AWS is working with a public accounting firm to ensure continued Sarbanes-Oxley (SOX) compliance and attain certifications such as recurring Statement on Auditing Standards No. 70: Service Organizations, Type II (SAS70 Type II) certification. These certifications provide outside affirmation that AWS has established adequate internal controls and that those controls are operating efficiently. AWS will continue efforts to obtain the strictest of industry certifications in order to verify its commitment to provide a secure, world-class cloud computing environment.
Routine, emergency, and configuration changes to existing AWS infrastructure are authorized, logged, tested, approved, and documented in accordance with industry norms for similar systems. Updates to AWS’s infrastructure are done to minimize any impact on the customer and their use of the services. The Accudemia team will communicate with customers, either via email or through the Engineerica Service Health Dashboard, when service use is likely to be adversely affected.
Accudemia does not store or receive any credit card information. All payments are processed via the third-party service PayPal, and we only process the payment confirmation to renew the service. The Accudemia software itself does not, at any moment, process, transmit or handle any information that could potentially be subject to PCI compliance analysis.
Without limiting your obligations under the user agreement, we will implement reasonable and appropriate measures designed to help you secure Your Content against accidental or unlawful loss, access or disclosure.
Engineerica understands that student data and records are subject to the Family Educational Rights and Privacy Act ("FERPA"), 10 U.S.C. Section 1232g (collectively, the "FERPA Records"). As a result, Engineerica holds these records in strict confidence. Engineerica safeguards the FERPA Records according to commercially reasonable administrative, physical, and technical standards that are no less rigorous than the standards by which Engineerica protects its own confidential information.
Please refer to Accudemia documentation website articles pertaining to User Management and Group Role Templates.
For more information on setting up Single Sign-on process and Security Keys/Tokens.