This Security Policy was last updated on January 30, 2019.
PAIRIN’s security policy has multiple components and is formulated around a multilayered strategy with controls at multiple levels of data transfer, storage and access.
These components include:
PAIRIN recognizes the importance and sensitive nature of the data that it is entrusted with. As such, PAIRIN is committed to the security of all information stored on its computer systems and its commitment is enshrined in the corporate code of conduct that all employees follow. In addition, all employees are screened with thorough background checks.
PAIRIN also has a set of security policies that cover the usage and access of sensitive data and credentials to accounts, computer and network systems, application services, change management, safe network usage, remote access, and a host of other IT resources. The PAIRIN Corporate Security Policy mandates that all employees agree with the PAIRIN Employee Security Guidelines, which includes policies such as the following:
PAIRIN has extensive policies and controls designed to protect client information. PAIRIN uses a distributed database to store information across a number of computers. Data in databases is also replicated across multiple computers in order to ensure that no single system is a single point of failure.
PAIRIN follows software industry best practices at every level of the application to ensure that data is retrieved, stored and transmitted securely.
PAIRIN transmits all web application data to our employees and users via the HTTPS protocol. HTTPS is the industry standard for any service that transmits sensitive information via the web. Using HTTPS ensures that all data is encrypted while in transmission and only PAIRIN can decrypt the data upon arrival. Additionally, no malicious third party agent can impersonate PAIRIN’s service and intercept privileged request parameters.
In all cases, PAIRIN only retrieves data specific and necessary for the purpose of building features that add direct value to the client.
Each business, school or district’s data is stored in its own PAIRIN logical database with different authentication credentials from other customer databases. This ensures that one customer’s data cannot be retrieved with credentials for another customer, either by an internal PAIRIN system or a PAIRIN client user.
All PAIRIN web, application, communication, and database servers are accessible only by background-checked PAIRIN staff. Only authorized PAIRIN employees with the necessary operational responsibilities are allowed to access or modify network, database, application resources and settings. Employees have unique User IDs which are used to log into PAIRIN systems and have targeted permissions to view and manipulate systems information. Activities are logged for any required auditing.
PAIRIN takes system security very seriously and utilizes a number of tools to monitor access to its systems. All inbound and outbound requests made on PAIRIN’s systems are logged for review by staff.
PAIRIN’s infrastructure is built on technology that has been rigorously tested by the technology industry.
Network access is strictly controlled. All networked systems have access restricted to authorized personnel, and all non-public facing machines can only be accessed from within PAIRIN’s private network.
Upon discovery of bugs or exploits, the engineering team will immediately apply the officially recommended software update to address the issue.
If you would like to report any concerns with PAIRIN’s security practices or implementation, please email email@example.com.
PAIRIN utilizes Amazon Web Services (AWS) to host and operate its private databases. AWS is highly regarded as one of the most secure and robust cloud service providers in the world. As an industry-leading cloud service provider, AWS has secure data centers equipped with nondescript facilities, professional security staff, controlled access, video surveillance, intrusion detection and other security features. This ensures that all data is separated from outside connections and access is limited to select, current members of the PAIRIN team.
If you would like to learn more about AWS security policies, click here
Given the sensitive nature of student and education data, PAIRIN understands that it is important to comply with the Federal FERPA regulation. Access to education data inside PAIRIN’s systems is tightly controlled and requires explicit written permission from a school or district before we will begin transferring information from their systems.
PAIRIN products and services are COPPA compliant. Because we take steps to ensure that schools and districts have given explicit permission at every step in the process of connecting them to PAIRIN. All PAIRIN education data has received consent for use. At PAIRIN, the security and privacy of student information is our topmost priority. PAIRIN is committed to ensuring that the information stored in its systems remains safe and secure.
It is this “security first” approach to development that enables schools to work with PAIRIN with absolute confidence. At PAIRIN, we routinely perform security and privacy audits to ensure that data is kept secure and private. With PAIRIN, schools can rest assured the integrity and security of their data will be maintained.
For more information about PAIRIN security, please contact firstname.lastname@example.org.