ClassLink maintains data that can be categorized into two areas. Data related to customers and data related to our company.
ClassLink maintains data needed for the operation of the ClassLink system. This data includes what is generally regarded as Directory Information such as name, school building affiliation, grade level, and email address. ClassLink may also maintain profile pictures, cell phone numbers for students age 13+ (to send password reset verification codes), student ID numbers, login credentials for various online resources, and personal computer files (temporarily cached for file transfers between cloud drives and stored until deleted by user for the ClassLink cloud drive). ClassLink does not generally maintain information such as mailing address, gender, date of birth, and other personal demographic data.
We also maintain a variety of personal data about staff members needed for ClassLink human resources and payroll purposes.
ClassLink is committed to ensuring that all Personally Identifiable Information (PII) entrusted to us is secure and that the privacy of both its customers and staff members is protected.
All Personally Identifiable Information (PII) is encrypted at rest and in transit. We use strong encryption algorithms including AES-256 with rotated encryption keys. Key exchanges are made using strong cryptographic protocols, and all keys are protected from end to end.
Your data always remains in your control, and never co-mingled with anyone else’s data. Your demographic data, and any other protected information resides on your own on-premises or exclusive cloud-based servers, and is shared with cloud applications at your discretion.
Vulnerability management is an essential component of ClassLink’s information security program. Vulnerability assessment consists of simulating attacks on networked assets to identify the their potential vulnerabilities. Remediation of these vulnerabilities is key to keeping your information safe and secure.
ClassLink systems undergo regular security scanning and penetration testing to detect and minimize vulnerabilities and eliminate threats to your confidential data. This is done by both in-house and by third-party consultants to most effectively detect any vulnerabilities.
ClassLink maintains a business continuity plan to prepare for the possibility of extended service outages caused by factors beyond our control, like natural disasters or man-made events, with the objective to restore services to the widest extent possible in a minimum time frame. All ClassLink sites are expected to implement preventive measures whenever possible to minimize network failure and to recover as rapidly as possible if and when a failure occurs.
ClassLink has defined and maintains a clear set of procedures should any unauthorized access to your private data occur. This ensures that the root cause of such an incident is identified and remedied as quickly as possible.
ClassLink adheres to a change management process and system to apply changes, upgrades, or modifications to customer facing ClassLink products and services as well as internally used business management products and services. We also use this process to manage modifications to the ClassLink internal network, server hardware, and software. A strong change management process enables us to reduce the risk of information corruption, system disruption, and loss of productivity.
A risk is an event or condition that, if it occurs, could have a positive or negative effect on ClassLink activities. ClassLink uses Risk Assessment tools to identify, monitor, assess, report, and respond to risks associated with our activities.
Risk assessment and management provides a framework for the performance of periodic information security risk assessments to determine areas of vulnerability associated with ClassLink activities, and to initiate appropriate remediation, if necessary. Our Risk Assessment Process defines how risks associated with ClassLink activities will be identified, analyzed, and managed, and outlines how risk management activities will be performed, recorded, and monitored throughout the lifecycle of a project.
Unsecured and vulnerable servers are an entry point for malicious threats. ClassLink’s server installation policies and configuration management procedures are used to secure servers and avoid threats and vulnerabilities.
ClassLink continually backs up critical data and tests its backups to ensure the accessibility of it’s information assets to staff and customers. This process prevents the loss of data in the case of an accidental deletion or corruption of data, system failure, or disaster. It also ensures timely restoration of data should accidental deletion or corruption occur.
Unsecured and vulnerable servers are an entry point for malicious threats. ClassLink relies on consistent server installation and maintenance policies to secure servers and avoid vulnerabilities.
Security Response Plans are created by the ClassLink teams associated with ClassLink products and services as well as internally used business management products and services. These plans are used by ClassLink management to assist in awareness and coordinated response in the event of a security vulnerability or incident. Security Response Plans contain contact information for key personnel associated with the program or service, escalation paths, expected service level agreements, severity and impact classifications, and mitigation and remediation timelines.
ClassLink maintains logs from critical systems, applications, and services which can provide key information and indicators of data compromise. The logs are critical for forensic analysis, and are reviewed on a regular basis to proactively respond to potential data issues.
Employee candidates and existing employee background checks are an essential part of security. ClassLink employees are carefully screened and vetted to ensure that your data remains in safe hands. All of our employees sign nondisclosure agreements to prevent the release or misuse of any confidential data.
All ClassLink employees take part in regular security awareness training to ensure that we maintain a culture of security for ourselves and our customers. Ongoing training campaigns, correlated with security testing, helps us to stay ahead of security threats throughout the industry.
ClassLink maintains cyber liability insurance against the possibility of a data breach with a limit of $15,000,000 per occurrence.