Protecting student privacy is a top priority for Summit Learning. We have established robust physical, technical, and administrative safeguards to protect the information in the Summit Learning Platform. These safeguards prevent unauthorized access, disclosure, or improper use of information. We are constantly evaluating our policies and practices to improve the security of our network and systems. For a full and detailed list of those protections, please see our Data Privacy Addendum and Security Whitepaper.
Below is a summary of some of the steps Summit Learning takes to protect student information:
- We restrict access to personal information to authorized Summit Learning employees, agents, service providers, or independent contractors who reasonably need to know that information in order to process it for us, and who are subject to confidentiality obligations. Employees and contractors (“Staff”) are subject to discipline if they fail to meet these obligations;
- We require our service providers with which we share Student User personal information to employ industry standard data protection and security protocols;
- We use identification and authentication methods such as multi-factor authentication;
- We employ administrative, physical, and technical safeguards designed to protect personal information from unauthorized access, disclosure, and use or acquisition by an unauthorized person, including when transmitting and storing such information;
- We employ encryption technologies to securely transmit personal information, including data-in-transit encryption, and we encrypt personal information that is stored;
- We maintain a data backup and recovery capability designed to ensure a timely and accurate restoration of personal information;
- We maintain a secure software development lifecycle with industry standard security practices designed to establish secure application(s), network, and infrastructure architectures;
- We maintain event monitoring and response procedures for events which could impact functionality, security and/or availability of the Summit Learning Program;
- We regularly provide Staff training for security incidents and maintain incident response policies, plans and procedures focused on timely and effective incident response;
- We employ trained incident handling professionals with experience in security incident and event monitoring;
- We perform application security testing (including penetration testing) and conduct security risk assessments focused on the identification and remediation of risks. Any identified security vulnerabilities are remediated in a timely manner;
- We implement oversight and governance procedures for security risks, including a vulnerability disclosure program and mandatory reviews of any incidents affecting the Summit Learning Platform.
For more information on our data security practices, please see our Security Whitepaper.