Data Security

SOLVED builds Modern PreK-12 School Solutions for Students, Families & Staff. Below are the steps that SOLVED takes to keep you and your data secure.
Information Security
SOLVED encrypts and protects sensitive information across the transformation and analysis process.

• Data in Transit- TLS encryption for all data exchanged. Additional security isavailable for dedicated VPN connections between the customer and SOLVED.
  
• Data at Rest – AES 256-bit encryption.
• Network Security – Intrusion detection systems and alerts to monitor for real-time threats, including the use of virtual firewalls, scanners, and encryption systems.

Access Management & Authentication
SOLVED’s platform provides full control of access to all hosted information.

• Account Authentication: MFA and 2SV protocols
• Password Policies: Required strength factors (minimum characters, required numbers and special characters, common passwords rejected), salted and hashed password storage, and password resets
• Granular Access Control and Review: Role-based access, visibility, and user access rights. Regular access review and analysis
• Audit and Access Logging: Detailed tracking and audit logging of all activities related to the application environment and administrative activity

Software Development Practices
Security processes and have been fully integrated into the SOLVED software development processes. Developers receive training that focuses on OWASP specific guidelines. In addition, processes are setup to allow for separation of duties and segmentation of platforms with dev, staging, and production.

• OWASP based security controls design
  
• Separation between dev, staging, and prod
• Use of test data indevelopment environment
• Code peer review
• Code repository controls
• Threat modeling
• Deployment controls

Company Policies and Procedures

SOLVED leverages Amazon Web Services (AWS). We utilize hardeningpractices from the Center for Internet Security (CIS) Benchmarks for the platform configuration. SOLVED can make available all standards, AWS certifications and accreditations along with physical security controls.

Company Policies and Procedures
SOLVED security, risk, and compliance processes were developed basedon industry best practices and are reviewed and updated on an annual basis or upon any significant change.

• Security Policies and Training – All employees go through required training upon hire and must recertify on an annual basis. Policies include:
  

• Access Control
  
• Business Continuity
  
• Disaster Recovery
  
• Cryptographic Controls
  
• Data Management
  
• Human Resources Security
  
• Information Security
  
• Operations Security
  
• Physical Security
  
• Risk Management
  
• Third Party Risk Management
  

• Platform Security – On-going security activities, including:
  

• Network intrusion detection
  
• Code vulnerability scanning
  
• System, network, application log analysis, reporting, and retention
  

• Incident Response Planning & Team in place to handle any significant security event to triage and respond to establish system resiliency, minimize impact, and protect customer data.