Pairin Security

This Security Policy was last updated on: February 5th, 2015
security@pairin.com

Introduction

Pairin is a service that provides analytics and insights derived from data from surveys of employees, applicants, and students. This paper provides an overview of the current state of Pairin security. Pairin takes advantage of the latest in cloud computing technology but maintains strict security policies to ensure the security and integrity of data it manages.

Overview

Pairin’s security policy has multiple components and is formulated around a multilayered strategy with controls at multiple levels of data transfer, storage, and access.

These components include:

  • Corporate Security Policies
  • Data Security
  • Operational Security
  • Physical and Environmental Security
  • Regulatory Compliance

Corporate Security Policies

    Pairin recognizes the importance and sensitive nature of the data that it is entrusted with. As such, Pairin is committed to the security of all information stored on its computer systems and its commitment is enshrined in the corporate code of conduct that all employees follow. In addition, all employees are screened with thorough background checks.

    Pairin Security Policy

    Pairin also has a set of security policies that cover the usage and access of sensitive data and credentials to accounts, computer and network systems, application services, change management, safe network usage, remote access, and a host of other IT resources. Pairin Corporate Security Policy mandates that all Employees agree with the Pairin Employee Security Guidelines, which include policies such as the following:

    • Employees are required to enable two-factor authentication on every internal and external service where two-factor authentication is made available.
    • Employees must adhere to the Pairin Privacy Policy and are never allowed to communicate directly with any applicant or student without express consent of the Customer.

Data Security

      Data Integrity

      Pairin has extensive policies and controls designed to protect client information. Pairin uses a distributed database to store information across a number of computers. Data in databases is also replicated across multiple computers in order to ensure that no single system is a single point of failure.

      Application & Software Security

      Pairin follows software industry best practices at every level of the application to ensure that data is retrieved, stored and transmitted securely.

      Secure Network Transport with HTTPS

      Pairin transmits all web application data to our employees and users via the HTTPS protocol. HTTPS is the industry standard for any service that transmits sensitive information via the web. Using HTTPS ensures that all data is encrypted while in transmission and only Pairin can decrypt the data upon arrival. Additionally, no malicious third party agent can impersonate Pairin’s service and intercept privileged request parameters.

      Secure Information Retrieval

      In all cases, Pairin only retrieves data specific and necessary for the purpose of building features that add direct value to the client.

      Customer-Specific Logical Databases

      Each business, school or district’s data is stored in its own Pairin logical database with different authentication credentials from other customer databases. This ensures that one customer’s data cannot be retrieved with credentials for another customer, either by an internal Pairin system or a Pairin client user.

      Customer-Granted Credentials

      In order for Pairin to retrieve data about employees or students to begin the survey process, the customer must first provide Pairin with the necessary information. Customers will receive either a .CSV file via direct download or a password-protected .CSV file from Pairin for inputting the necessary information. Customers may then upload it directly to the system over a secure HTTPS and SSL protected link to Pairin’s service. If emailing forms to Pairin, it is recommended that customers password protect those files before sending.

Operational Security

      Personnel

      All Pairin web, application, communication, and database servers are accessible only by background-checked Pairin staff. Only authorized Pairin employees with the necessary operational responsibilities are allowed to access or modify network, database, application resources and settings. Employees have unique User IDs which are used to log into Pairin systems and have targeted permissions to view and manipulate systems information. Activities are logged for any required auditing.

      Monitoring

      Pairin takes system security very seriously and utilizes a number of tools to monitor access to its systems. All inbound and outbound requests made on Pairin’s systems are logged for review by staff.

      Infrastructure and Software Security

      Pairin’s infrastructure is built on technology that has been rigorously tested by the technology industry.

      • Network access is strictly controlled. Networked systems all have access restricted to authorized personnel, and all non-public facing machines can only be accessed from within Pairin’s private network.
      • Pairin’s infrastructure is built on top of the operating systems, databases, and software provided by trusted commercial vendors and reputable open source projects.
      • Pairin relies on many open source technologies that have been proven in the industry to be reliable and secure.
      • Pairin’s engineering team actively monitors industry security announcements for software bugs or exploits that may impact our operations.
      • Upon discovery of bugs or exploits, the engineering team will immediately apply the officially recommended software update to address the issue.

        If you would like to report any concerns with Pairin’s security practices or implementation, please call the number on our web site or email security@pairin.com

Physical and Environmental Security

        Pairin utilizes HEROKU to host and operate its private databases. HEROKU is built upon Amazon Web Services and both are highly regarded as the most secure and robust cloud service providers in the world. As an industry leading cloud service provider, HEROKU has secure data centers equipped with nondescript facilities, professional security staff, controlled access, video surveillance, intrusion detection, and other security features. This ensures that all data is separated from outside connections and access is limited to select, current members of the Pairin team.

Regulatory Compliance

        Family Educational Rights and Privacy Act (FERPA)

        Given the sensitive nature of student and education data, Pairin understands that it is important to comply with the Federal FERPA regulation. Access to education data inside Pairin’s systems is tightly controlled and requires explicit written permission from a school or district before we will begin transferring information from their systems.

        Children's Online Privacy Protection Act (COPPA)

        Pairin products and services are COPPA compliant. Because we take steps to ensure that schools and districts have given explicit permission at every step in the process of connecting them to Pairin, all Pairin education data has received consent for use. At Pairin, the security and privacy of student information is our topmost priority. Pairin is committed to ensuring that the information stored in its systems remains safe and secure.

        It is this “security first” approach to development that enables schools to work with Pairin with absolute confidence. At Pairin we routinely perform security and privacy audits to ensure that data is kept secure and private. With Pairin, schools can rest assured the integrity and security of their data will be maintained.

        For more information about Pairin security, please contact: security@pairin.com