Security Practices RESPONSE REQUIRED. A. Protected data provided to the contractor will be stored: (include where and how) B. The security protections taken to ensure data will be protected that align with the NIST Cybersecurity Framework and industry best practices include:
Security Practices RESPONSE REQUIRED. A. Protected data provided to the contractor will be stored: (include where and how) Protected data will be stored in the SOC2 AWS (Amazon Web Services, USA, Northern Virginia) certified data center secured against unauthorized physical access. B. The security protections taken to ensure data will be protected that align with the NIST Cybersecurity Framework and industry best practices include: We manage cybersecurity risk by implementing security policies and appropriate safeguards to ensure delivery of critical infrastructure services. Also, we developed appropriate activities to identify the occurrence of a cybersecurity event and to restore any capabilities or services that were impaired due to a cybersecurity event Part 6: Encryption Practices RESPONSE REQUIRED
Security Practices RESPONSE REQUIRED. A. Protected data provided to the contractor will be stored: (include where and how) Hopscotch server B. The security protections taken to ensure data will be protected that align with the NIST Cybersecurity Framework and industry best practices include: All account data including username and passwords are encrypted in the Hospcotch server in compliance with the NIST Cybersecurity Framework.
Security Practices RESPONSE REQUIRED. A. Protected data provided to the contractor will be stored: (include where and how)The data is stored in externalized databases that are currently being provided by MongoDB Atlas, and simultaneously hosted on Amazon Web Services in North Virginia (United States). User- generated content (which may or not contain personal information) may be temporarily stored in other countries in order for Edpuzzle to provide a better service. Concretely, uploaded videos, audios or images may have a copy temporarily stored in other regions to reduce the time of load. B. The security protections taken to ensure data will be protected that align with the NIST Cybersecurity Framework and industry best practices include: (a) pseudonymisation and encryption of data; (b) password protection; (c) ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (d) restore the availability and access to personal data in a timely manner in the event of a technical incident; and (e) regularly test, assess and evaluate the effectiveness of technical and organizational measures ensuring the security of the processing.
Security Practices RESPONSE REQUIRED. A. Protected data provided to the contractor will be stored: (include where and how) All sensitive data is stored in encrypted using an ansible-vault mechanism on Google Cloud servers. B. The security protections taken to ensure data will be protected that align with the NIST Cybersecurity Framework and industry best practices include: Happy Numbers Inc. uses TLS v1.2 to transit data. To safeguard the data we keep, we use a restricted network, and to access it, we use a regularly updated VPN with encryption. We also have the following administrative, operational, and technical safeguards and practices to protect personally identifiable information listed in Appendix A. Part 6: Encryption Practices RESPONSE REQUIRED ☐ By checking this box, contractor certifies that data encryption is applied in accordance with NYS Education Law Section 2-d 5(f)(5). DocuSign Envelope ID: 4450B284-3A95-4C1C-933C-BC2F4D99969E DocuSign Envelope ID: B141520B-6EC6-4C54-8F37-EEE50AC86EEB Appendix A Security Audit Checklist for Happy Numbers Inc. This checklist describes the regular security audit processes for Happy Numbers Inc. It includes the checklist for the assets (physical and informational), list of threats and preventive & protective measures against these threats (action list). This audit must be done at least twice a year. Also the appropriate measures should take place in case the new employee joins/leaves the company. Assets List ● Laptops, Phones, Tablets (work and personal) ● Production environment VPN keys ● SSH Keys ● Backups ● Source codes (github) ● Stage environments ● Logs ● Email ● Production admin accounts ● Production tokens Checklist / Action List Common procedures: ● Store and keep in fit a list of employees who have any access to sensitive or/and personal information. Devices hacking (viruses, trojans and so on) ● Regular check and educate each employee with simple rules of security: ○ 2Factor auth for all critical apps (especially xxxxx.xxx and xxxxxx.xxx) ○ Encrypt disks of all laptops ○ Strong passwords (8 and more letters, digits, special symbols) on all laptops account and services ○ Password and/or fingerprint protection of all phones/tablets with the access to any work data including email DocuSign Envelope ID: 4450B284-3A95-4C1C-933C-BC2F4D99969E DocuSign Envelope ID: B141520B-6EC6-4C54-8F37-EEE50AC86EEB ○ No pass for any sensitive information through open channels (emails, messaging apps, chats and so on). Use PGP or special password managers (li...
Security Practices RESPONSE REQUIRED. A. Protected data provided to the contractor will be stored: (include where and how) Vendor stores student data encrypted in a database in an Amazon AWS facility (see here for more info on AWS compliance standards xxxxx://xxxx.xxx.xxxxxx.xxx/whitepapers/latest/aws-overview/security-and-compliance.html). Vendor restricts access to student data to only individual with a business need. B. The security protections taken to ensure data will be protected that align with the NIST Cybersecurity Framework and industry best practices include: In motion, the data is encrypted via TLS 1.2. At rest, the data is encrypted using AES-256 encryption.
Security Practices RESPONSE REQUIRED. A. Protected data provided to the contractor will be stored: (include where and how)See the attached Data Protection at Hudl document. B. The security protections taken to ensure data will be protected that align with the NIST Cybersecurity Framework and industry best practices include:See the attached Data Protection at Hudl document. Part 6: Encryption Practices RESPONSE REQUIRED X By checking this box, contractor certifies that data encryption is applied in accordance with
Security Practices RESPONSE REQUIRED. A. Protected data provided to the contractor will be stored: in a secure facility in the United States B. The security protections taken to ensure data will be protected that align with the NIST Cybersecurity Framework and industry best practices include: Utilizing a comprehensive data governance model that encompasses appropriate security and privacy principles to address all applicable statutory, regulatory and contractual obligations based on ISO 27001 and NIST Cybersecurity frameworks. Policies are reviewed and updated annually by Vendor’s Chief Information Security Officer (CISO) and Chief Privacy Officer (CPO), and submitted for final approval by its Data Privacy and Security Steering Committee.
Security Practices RESPONSE REQUIRED. A. Protected data provided to the contractor will be stored: (include where and how) Data is stored in an Azure SQL database physically located in the US B. The security protections taken to ensure data will be protected that align with the NIST Cybersecurity Framework and industry best practices include: The database with user data is hosted on Microsoft Azure and takes advantage of the security features that are provided there Part 6: Encryption Practices RESPONSE REQUIRED
Security Practices RESPONSE REQUIRED. A. Protected data provided to the contractor will be stored: (include where and how)
