How does Summit protect student information?

Protecting student privacy is a top priority for Summit. We have established robust physical, technical, and administrative safeguards to protect the information in the Summit Learning Platform. These safeguards prevent unauthorized access, disclosure, or improper use of information—and we are constantly evaluating our policies and practices to improve the security of our network and systems.

The steps we take to protect student information include:

  • Summit does not place advertising in the Platform or the related Services and will never sell student information or use student information for targeted advertising.
  • All of the service providers that support the operation and development of the Summit Learning Platform and the related Services—from web hosting to software engineering—are required to comply with our Privacy Policy, meaning that they must have the same protections in place as we do. We have published a list of these service providers, which includes details on what information is disclosed or received from these service providers and partners.
  • We conduct criminal background checks of all employees who have access to student information and provide security training to those employees. We restrict access to student information to employees and service providers who need to access that information to process it for us. Employees are subject to strict confidentiality obligations and will be disciplined or terminated if they fail to meet these obligations.
  • The Platform is hosted on physically secure servers at a third-party facility operated by a service provider with whom we have a written agreement to protect student information in a manner consistent with our Data Privacy Addendum. For example, personal information is stored on servers equipped with industry standard encryption. In addition, the hosting facility provides a 24/7 security system, video surveillance, intrusion detection systems and locked cages.
  • Summit performs application security testing; penetration testing; conducts risk assessments; and monitors compliance with security policies. We periodically review information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
  • We encrypt the transmission of information using secure socket layer technology (SSL/TLS) by default, and the information stored in Summit’s database is encrypted at rest.
  • The Platform does not store student, teacher, or administration passwords. Instead, we use single sign-on (SSO) technology to grant access to the Platform.
  • We keep student email addresses provided by teachers in encrypted storage and use them only for the purposes of login, account management, and troubleshooting bugs reported to us by users.
  • We have adopted a security framework to improve data security protections.
  • We backup student information daily and monitor for unusual access.
  • We allow Summit users to report security bugs by contacting us at privacy@summitlearning.org.

For more information on our data security practices, please see the Data Privacy Addendum and Privacy Policy.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request.

Comments

0 comments

Article is closed for comments.