This Security Policy was last updated on: February 5th, 2015
Pairin is a service that provides analytics and insights derived from data from surveys of employees, applicants, and students. This paper provides an overview of the current state of Pairin security. Pairin takes advantage of the latest in cloud computing technology but maintains strict security policies to ensure the security and integrity of data it manages.
Pairin’s security policy has multiple components and is formulated around a multilayered strategy with controls at multiple levels of data transfer, storage, and access.
These components include:
Pairin recognizes the importance and sensitive nature of the data that it is entrusted with. As such, Pairin is committed to the security of all information stored on its computer systems and its commitment is enshrined in the corporate code of conduct that all employees follow. In addition, all employees are screened with thorough background checks.
Pairin also has a set of security policies that cover the usage and access of sensitive data and credentials to accounts, computer and network systems, application services, change management, safe network usage, remote access, and a host of other IT resources. Pairin Corporate Security Policy mandates that all Employees agree with the Pairin Employee Security Guidelines, which includes policies such as the following:
Pairin has extensive policies and controls designed to protect client information. Pairin uses a distributed database to store information across a number of computers. Data in databases is also replicated across multiple computers in order to ensure that no single system is a single point of failure.
Pairin follows software industry best practices at every level of the application to ensure that data is retrieved, stored and transmitted securely.
Pairin transmits all web application data to our employees and users via the HTTPS protocol. HTTPS is the industry standard for any service that transmits sensitive information via the web. Using HTTPS ensures that all data is encrypted while in transmission and only Pairin can decrypt the data upon arrival. Additionally, no malicious third party agent can impersonate Pairin’s service and intercept privileged request parameters.
In all cases, Pairin only retrieves data specific and necessary for the purpose of building features that add direct value to the client.
Each business, school or district’s data is stored in its own Pairin logical database with different authentication credentials from other customer databases. This ensures that one customer’s data cannot be retrieved with credentials for another customer, either by an internal Pairin system or a Pairin client user.
In order for Pairin to retrieve data about employees or students to begin the survey process, the customer must first provide Pairin with the necessary information. Customer will receive, either from a direct download a .CSV file, or from Pairin a password protected .CSV file for inputting the necessary information. Customers may then upload directly to the system over a secure HTTPS and SSL protected link to Pairin’s service. If emailing forms to Pairin, it is recommended that customers password protect those files before sending.
All Pairin web, application, communication, and database servers are accessible only by background-checked Pairin staff. Only authorized Pairin employees with the necessary operational responsibilities are allowed to access or modify network, database, application resources and settings. Employees have unique User IDs which are used to log into Pairin systems and have targeted permissions to view and manipulate systems information. Activities are logged for any required auditing.
Pairin takes system security very seriously and utilizes a number of tools to monitor access to its systems. All inbound and outbound requests made on Pairin’s systems are logged for review by staff.
Pairin’s infrastructure is built on technology that has been rigorously tested by the technology industry.
Upon discovery of bugs or exploits, the engineering team will immediately apply the officially recommended software update to address the issue.
If you would like to report any concerns with Pairin’s security practices or implementation, please call the number on our web site or email email@example.com
Pairin utilizes (HEROKU) to host and operate its private databases. HEROKU is built upon Amazon Web Services and both are highly regarded as the most secure and robust cloud service providers in the world. As an industry leading cloud service provider, HEROKU has secure data centers equipped with nondescript facilities, professional security staff, controlled access, video surveillance, intrusion detection, and other security features. This ensures that all data is separated from outside connections and access is limited to select, current members of the Pairin team.
If you would like to learn more about HEROKU security policies, click here
Given the sensitive nature of student and education data, Pairin understands that it is important to comply with the Federal FERPA regulation. Access to education data inside Pairin’s systems is tightly controlled and requires explicit written permission from a school or district before we will begin transferring information from their systems.
Pairin products and services are COPPA compliant. Because we take steps to ensure that schools and districts have given explicit permission at every step in the process of connecting them to Pairin. All Pairin education data has received consent for use. At Pairin, the security and privacy of student information is our topmost priority. Pairin is committed to ensuring that the information stored in its systems remains safe and secure.
It is this “security first” approach to development that enables schools to work with Pairin with absolute confidence. At Pairin we routinely perform security and privacy audits to ensure that data is kept secure and private. With Pairin, schools can rest assured the integrity and security of their data will be maintained.
For more information about Pairin security, please contact: firstname.lastname@example.org