Gradelink Security Overview
We take school privacy very seriously at Gradelink. We value your trust and understand that securing your school’s data is our most important responsibility. We operate with rigorous attention to security, making the protection of students’ identities and the confidentiality of their personal data a top priority.
All web and mobile client connections use industry-standard SSL encryption to protect web traffic from end to end. Today, student information systems are expected to integrate with LMS and state reporting systems, but we believe your data is owned by your school and will never be given, sold, or otherwise provided to third parties without written consent or direction by your school administration. If we were ever to be approached with an information request by state educational or law enforcement authorities, we would refer the requestor to your school for consideration and direction by your school’s administration.
Redundant automatic backup methods are employed on a nightly basis using separate local and remotely encrypted storage. In addition, a secondary offsite backup is maintained and monitored regularly for complete nightly success. In the unlikely event of accidental data loss, information from previous archives can be restored as far back as the school began utilizing Gradelink’s services. At any time, subscribing schools may also export their student information including demographic, biographic, medical, attendance, and other non-academic records to downloadable Excel-compatible files. Academic (transcript) records can be exported as downloadable PDF files. By request, all data can be archived and delivered as an encrypted SQL server backup file.
Gradelink hosts its servers in a locked and secured data center facility in Irvine, California. The data center is centrally located within Orange County and accessible by a limited number of authorized engineers via remote server tools that are logged and audited on a regular basis. All IT staff and engineers are located in the United States at our Lake Forest office, which is 15 minutes away from our data center. When routine weekend maintenance and upgrades are planned, our servers are physically accessible to the most trusted and vetted engineers at Gradelink. Our data center utilizes redundant 10 Gbps fiber connections with 24/7 network monitoring and real-time power and uptime measurements. Our servers are equipped with racks that are bolted together into one large unit providing seismic stability with four dedicated 10-ton air conditioning units. Backup power is provided by an 80 kVA UPS that is calibrated to provide up to 4 hours of direct power with additional backup by diesel generators. The data center premises are monitored by full-time video surveillance, accompanied by motion detectors that are tied to the central security system with immediate access to local law enforcement. Within the data center, our servers are physically located behind multiple locking doors with audited and logged access for any authorized Gradelink engineer. Direct access to the data center building is secured by magnetic locking systems with physical access granted by data center staff following logging with picture identification. Surveillance cameras are located at every entrance within and outside the data center, and camera recording is triggered by any movement within the view of the cameras.
Gradelink uses industry-standard network protection procedures, including network segregation, firewall and router technologies, and intrusion detection systems with log aggregation and alert mechanisms, in conjunction with secure VPN connectivity required for all authorized personnel. This allows us to prevent and mitigate the impacts of malicious traffic and network exploration by brilliant and curious students.
The following multilayer security measures are currently in place for schools:
- Schools are isolated to individual complete databases. No data is shared across common tables or procedures.
- Gradelink maintains a complete separation of concerns between school databases.
- All requests to the Gradelink service are audited by device and IP address.
- Schools can customize timeout policies for student and teacher accounts.
- Schools can customize lockouts for time of inactivity.
- Schools can customize password complexity rules.
- Lockouts are enforced when passwords are entered incorrectly five or more consecutive times.
- Real-time log of Grade Sheet activity for all classrooms.
- Dozens of teacher-specific options to limit teacher access to classrooms.
- 30 options to limit or customize parent/student access to Gradelink from web or mobile platforms.
- Options to enable/disable core features such as Teacher Pages, Communicate, and Attendance while staff receive training with Gradelink features.