Exploring Your Potential was created to offer a safe and secure experience for students, teachers and administrators. As such, data security and product stability is a top priority for our team at EYP Ventures, Inc. The following outlines measures taken and in place:
Data and Security
Location
EYP Ventures Inc. servers are with AWS and are located in the US and Canada.
Hosting Security
Physical Security
- Data center access limited to data center technicians
- Biometric scanning for controlled data center access
- Security camera monitoring at all data center locations
- 24×7 onsite staff provides additional protection against unauthorized entry
- Unmarked facilities to help maintain low profile
- Physical security audited by an independent firm
System Security
- System installation using hardened, patched OS
- System patching configured to provide ongoing protection from exploits
- Dedicated firewall and VPN services to help block unauthorized system access
- Data protection with managed backup solutions
- Optional, dedicated intrusion detection devices to provide an additional layer of protection against unauthorized system access
- Distributed Denial of Service (DDoS) mitigation services
- Risk assessment and security consultation by professional services teams
Operational Security – The Infrastructure
- All employees trained on documented information security and privacy procedures
- Access to confidential information restricted to authorized personnel only, according to documented processes
- Systems access logged and tracked for auditing purposes
- Secure document-destruction policies for all sensitive information
- Fully documented change-management procedures
- Independently audited disaster recovery and business continuity plans in place
Operational Security – Customer’s Application Environment
- Best practices used in the random generation of initial passwords
- All passwords encrypted during transmission and while in storage
- Secure media handling and destruction procedures for all customer data
- Support-ticket history available for review via the EYP customer portal
Data
Backup & Recovery
EYP Ventures Inc. provides nightly backups are standard with all our hosting plans. Server backups can only be recovered for a period of 3 days, unless previously agreed.
Confidentiality
Data concerning the client’s business affairs, including customer(s), vendor(s), finances, properties, computer programs, documentation and other related information, whether written or oral, is confidential in nature. EYP Ventures Inc. nor the client may without written consent, disclose, any confidential information to any person or organization about each other, except as may be required by law.
Disaster Recovery
In an event of a serious server crash EYP Ventures Inc. may be forced to perform a full restore. The recovery time for such a rare incident would be 4 hours.
Removable Media Policy
EYP Ventures, Inc. staff may only use EYP Ventures removable media in their work computers. EYP Ventures, Inc. removable media may not be connected to or used in computers that are not owned or leased by the EYP Ventures, Inc. without explicit permission of the EYP Ventures, Inc. Information Security staff. Sensitive information should be stored on removable media only when required in the performance of your assigned duties or when providing information required by other state or federal agencies. When sensitive information is stored on removable media, it must be encrypted in accordance with the EYP Ventures, Inc. Acceptable Encryption Policy.
Exceptions to this policy may be requested on a case-by-case basis by EYP Ventures, Inc. – exception procedures.