About Edsby & Your Data
Users of Edsby deserve to know how it’s designed to be safe and secure. Learn how your information is stored in Edsby, who owns it and how it’s being used.
Edsby is a cloud-based software service that modernizes how teachers, students and parents engage with each other. The types of education organizations which use Edsby include public school districts and private schools. Edsby is selected by these organizations, often through a formal competitive procurement process and rigorous evaluation of many factors including privacy and security of student data, and is managed by the education organization as one part of the suite of technology solutions that every education organization requires.
Unlike many free education solutions on the internet which bypass the approvals and management controls of education organizations, districts and schools pay to use Edsby and thereby own all the data within.
Cloud-based solutions offer lower costs, higher reliability, better security and more innovative capabilities than traditional software solutions installed and managed by local information technology staff within the education organization’s data center.
As a result of these advantages, education organizations are moving more and more of their mission-critical technology solutions to the cloud. As an example, many of these organizations have rolled out cloud-based email and storage solutions such as Microsoft Office 365 and Google G Suite to the students and staff of their organization. When these organizations look at new technology solutions they generally request or even require that the solution be cloud-based.
Edsby runs in the cloud and embraces best practices for security and privacy. Edsby uses Microsoft as its cloud services provider as Microsoft has a strong focus on serving the information technology needs of organizations around the world in a secure and reliable manner. Microsoft’s cloud platform, Azure, is used by thousands of other organizations, including governments, banks and large corporations. Microsoft Azure meets very stringent standards and requirements for information protection and data sovereignty issued by governments around the world.
Every country and region has specific regulations controlling where education-related data should physically reside, who can obtain access to information held by education organizations and under what circumstances such access may be granted. Education organizations, in turn, understandably want to ensure that their data is governed by these rules.
To meet these requirements, Edsby leverages the architecture of Microsoft’s Azure network around the world. The Microsoft Azure design guarantees that one hundred percent of a customer’s data can be resident in a data center, or centers, within a specific country. Edsby customers in Canada have their Edsby cloud servers (including all computing resources, failover systems and data storage resources including backups) in Canada. In the U.S., all Edsby customers’ systems run in U.S. Azure data centers. The data for Edsby customers in Australia and New Zealand resides in Australian Azure data centers, and so on.
Not all cloud computing providers can guarantee geographic sovereignty of all customer computing resources, sometimes distributing them widely over their networks.
When an education organization chooses to use Edsby, it decides what information to provide to Edsby. Almost every education organization provides Edsby with data about its staff, students and parents so that Edsby can create accounts for those users. The education organization owns this data and strictly controls what is done with this data. Edsby only uses this data to provide services to the education organization.
The education organization provides stewardship of all user-contributed content in their Edsby site, and Edsby manages the retention and deletion of that data at the direction of the administrators of the education organization.
Edsby never sells the data it has or collects from the education organization, as Edsby makes no claim to be the owner of the data.
The only possible situations in which data within Edsby is shared with outside organizations are when
- The company is legally compelled to share data through a valid court order; or
- The education organization requests Edsby to share specific subsets of information with a designated third party which the education organization has approved.
Edsby does not provide any form of advertising to Edsby users. Nor does Edsby provide or sell information gathered from the usage of Edsby to advertisers or any other third party to help them target advertisements to members of the education organization. The company’s business is supported solely on the basis of Edsby usage fees paid by educational organizations.
There are a number of best practices to ensure only authorized users have access to information in a computer system, and Edsby subscribes to all of them.
An essential part of protecting the security and privacy of information about people stored in a computer-based system is to provide strict controls on who has physical access to the computer systems that store this data.
Each Edsby cloud instance runs in a tier one commercial Microsoft Azure cloud hosting facility that is fully SSAE 16, CSAE 316 and ISAE 3402 Type II certified. These facilities undergo in-depth independent audits of control activities, including management of the hosting and network technologies and services that are used to run Edsby. These facilities renew their certifications annually, ensuring Edsby is being managed to the highest standards.
These commercial cloud hosting facilities use state-of-the-art perimeter security and access security systems to ensure only authorized personnel have access to the physical location where Edsby is run.
Controls in place at these facilities include procedures for secure data disposal. This includes both the procedures for deleting data from used data storage and procedures for destroying disk storage units no longer used in production.
Server and Database Protection
Computer systems do get compromised from time to time through vulnerabilities and flaws in the underlying operating system, database or web server software. To mitigate against these kinds of vulnerabilities Edsby uses only commercially supported software that includes the provision of vulnerability/security updates as they become known and available. The company’s cloud service provider covers the notification and installation of security patches that are relevant for the Edsby software stack as they become available.
Account Access Protection
There are a number of measures taken to assure that only authorized users log in to an Edsby system and that intruders are kept out.
- Passwords required: All Edsby accounts require password authentication in order to access any account that is tied to a particular user or particular management role.
- Password controls: Edsby passwords for student and staff accounts are almost always managed by the education organization using Edsby. These organizations generally deploy a centralized password management facility such as Active Directory or LDAP, and Edsby authenticates staff and students through these centralized customer-run systems. This means that Edsby does not need to know the password of each user, and each organization uses the control mechanisms of these central password management systems to control key aspects of passwords such as password length, password character composition, and password change frequency. In addition, this approach ensures that access to Edsby is absolutely controlled by the education organization; if the organization turns off access, a user may no longer log in.
- Password Encryption: Passwords in Edsby are never transmitted anywhere in clear text format. The mechanism used to encrypt passwords varies based on the authentication authority being used, but in all cases Edsby encrypts/hashes the password before transmitting it on the network.
- Password Protection: The internet provides ready access to password cracking software that can try thousands of different passwords per second against an account if the account permits that. Edsby provides an account freezing mechanism that locks out an Edsby account for a period of time if successive password login attempts fail. This delay is long enough to deter the use of automated password cracking software without unduly inconveniencing valid end users.
Account Data Transmission Protection
All data sent between the Edsby server and Edsby client (web browser, smartphone app, tablet app) is encrypted via SSL (Secure Sockets Layer). This is the standard security technology used by banks, online retailers and the like to establish an encrypted link between a web server and a browser/app. This link ensures that all data passed between the web server and browser/app remains private.
Edsby takes steps to ensure that an authorized user sees the information they should have access to, and does not see information they shouldn’t see.
Much of the support in Edsby to do this is built directly into the Edsby software, as a function of the type of data being accessed. For example, a student can never access a teacher’s gradebook to see how other students in the class are doing. Edsby controls to prohibit this sort of access are built right into the software.
Limiting Information in Edsby
Edsby is deployed as a part of an education organization’s overall Information Technology infrastructure. As such, it integrates with other key systems of record in the organization.
These systems normally include the organization’s authentication system(s), its Human Resources (HR) system and its Student Information System (SIS), the organization’s main database. Student, staff and parent accounts in Edsby are automatically created based on the data in these systems. Each organization decides exactly what data should be supplied to Edsby from its existing systems. For basic Edsby functionality to work it must be supplied with student names, user IDs, class enrollments and so on.
The educational organization has complete control over which information is supplied to Edsby and does so at its discretion.
For example, if an education organization decides that it doesn’t wish Edsby to store or display medical alerts for students to staff, then that information is not sent from the organization’s IT systems to Edsby. However, many organizations seek to have this information available in Edsby so that staff can more accurately be informed of serious medical alerts such as allergies. Again, in all cases, this is a decision made by the educational organization, not by Edsby.
Accuracy of Personally Identifiable Information in Edsby
All personally identifiable information in Edsby is supplied to Edsby directly from the education organization’s existing IT systems (such as the Student Information System). This includes the information used to define user accounts such as name, unique identifier (e.g. student number or staff number), email address, home address and so on. The accuracy of the information in Edsby is a function of the accuracy within the education organization’s IT systems.
Since this information is supplied from the systems of record in the education organization, students are never asked to provide personally identifying information in Edsby.
Edsby provides an additional layer of accuracy by enabling parents to review and confirm information about students the parent is responsible for. If there is inaccurate information displayed in Edsby, the parent can report it to have it updated in the original organization IT system which provided the incorrect data. For example a parent may have moved, and they wish to have the organization update their official record. The corrected information then re-syncs to Edsby.
As mentioned above, this option is never available to students, only to parents.
Edsby implements what’s known as a “role-based access control” system. This means that each user within the system is assigned a role, and each role is provided with a very specific set of capabilities that are appropriate for that specific role. There are over two hundred different capabilities in Edsby that are controlled on a per-role basis, and each capability can be specified at a “no access” level, a “read access” level, or a “read/write access” level.
Examples of Edsby Roles include “Student”, “Parent/Guardian”, “Teacher”, “School Administrator”, “District Administrator”, and so on.
User roles are assigned at account creation time, and roles are rarely changed. How this gets established depends on the role.
- Student accounts in Edsby are driven by the student data made available to Edsby, which almost always comes from the organization’s Student Information System (SIS), its main database. Each student account is assigned a role of “Student”. There are no other options here.
- Parent/guardian accounts are also usually driven by data in the SIS. Almost every SIS stores information about “student contacts” for a particular student. These student contacts can include relationships such as “mother”, “father”, “guardian”, “grandmother”, “grandfather”, “doctor”, and so on. Most SIS platforms also provide information about the access level that each student contact has for that student. A key aspect of this access information is something generally referred to as “Access to Records”. This indicates whether a particular contact is supposed to have access to academic information about a particular student or not. For example, a biological parent listed as a student contact for a student may not have “Access to Records” for that student due to a court order, or perhaps because the student is legally an adult so their parents no longer have a legal right to see their child’s academic progress. Edsby is very sensitive to this data to ensure that only the right student contacts see academic information about a particular student.
- Staff accounts in Edsby have the widest set of roles available to them. Edsby is data-driven in the way it assigns roles to staff accounts. For example, teaching staff accounts are generally managed through data imported from the SIS. These accounts are by default set to a role of “Teacher”. Often the SIS has additional information in it about the role of the staff member, and after careful review and discussion with the education organization the staff roles in the SIS can be automatically mapped to staff roles in Edsby. For example, an SIS may have a role called “Attendance Secretary” in the SIS; this could be mapped to the Edsby role “office”. This mapping exercise, performed with great care, helps ensure that staff members have access to just the information they need to see in Edsby to perform their role.
Adjusting Edsby to Match Policy
Sometimes, the granularity of access is not specified in any national/provincial/state policy or legislation, but instead is based on the policies of the specific education organization that has chosen Edsby. In areas like these, Edsby may be tailored by the education organization to implement the policy it feels is appropriate.
Edsby provides mechanisms to configure the particular access capabilities available to each role on a per-organization basis. This enables the organization to tune the level of information access that Edsby provides to match their policies. For example, the organization may decide to turn on or turn off student-to-student messaging in Edsby.
Examples of areas in Edsby that are often tuned to meet the privacy needs of an organization include:
- Which staff members in a school should have access to a student’s overall academic progress? Only senior administrators such as the principal? What about the Science teacher that needs to understand the student’s progress in Math to better understand their challenges in Science? Edsby is often tuned to meet the organization’s desired policy in this area.
- Should staff members be able to see medical alert information about students at their school?
- Should principals be able to look at teachers’ gradebooks?
Edsby is intended to reflect the policies of the education organization which has chosen to use Edsby.
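The role-based model described above (roles, per-capability no/read/write levels, SIS staff-role mapping, parent contacts gated by “Access to Records”, and per-organization tuning of capabilities) can be sketched as follows. This is an added illustration, not Edsby’s code; the capability names, the per-role levels and the sample contacts are assumptions made for the example.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    """The three levels a capability can be set to for a role."""
    NONE = 0   # "no access"
    READ = 1   # "read access"
    WRITE = 2  # "read/write access"


# Per-organization policy: role -> capability -> level. Any capability
# not listed for a role is NONE, i.e. deny by default. Capability names
# and levels here are assumed for illustration only.
ROLE_CAPABILITIES = {
    "Student": {"own_grades": Level.READ, "student_messaging": Level.WRITE},
    "Parent/Guardian": {"child_grades": Level.READ, "medical_alerts": Level.READ},
    "Teacher": {"gradebook": Level.WRITE, "class_roster": Level.READ},
    "office": {"attendance": Level.WRITE, "class_roster": Level.READ},
    "School Administrator": {"gradebook": Level.READ, "medical_alerts": Level.READ},
}

# SIS staff role -> Edsby role, agreed with the organization. Staff roles
# with no mapping fall back to the default role "Teacher".
SIS_STAFF_ROLE_MAP = {"Attendance Secretary": "office", "Principal": "School Administrator"}


@dataclass
class Contact:
    user_id: str
    relationship: str          # e.g. "mother", "guardian", "doctor"
    access_to_records: bool    # the SIS "Access to Records" flag


@dataclass
class Student:
    student_id: str
    contacts: list = field(default_factory=list)


def edsby_role_for_staff(sis_role: str) -> str:
    return SIS_STAFF_ROLE_MAP.get(sis_role, "Teacher")


def capability_level(role: str, capability: str) -> Level:
    return ROLE_CAPABILITIES.get(role, {}).get(capability, Level.NONE)


def set_capability(role: str, capability: str, level: Level) -> None:
    """Per-organization tuning, e.g. switching student messaging off."""
    ROLE_CAPABILITIES.setdefault(role, {})[capability] = level


def can_view_academics(contact_user_id: str, student: Student) -> bool:
    """A contact sees a student's academic data only if the parent role has
    the capability AND the SIS lists them for that student with Access to
    Records. Being a biological parent alone is not sufficient."""
    if capability_level("Parent/Guardian", "child_grades") is Level.NONE:
        return False
    return any(c.user_id == contact_user_id and c.access_to_records
               for c in student.contacts)
```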
Edsby is procured and deployed by education organizations. It is often a strategic part of the organization’s overall IT strategy. The education organization defines the parameters for data retention and destruction in Edsby in terms of the number of school years’ worth of data to be held. A district may choose to hold 3 years’ worth of data in Edsby, or 7 years, or just 1 year. This policy is established by the education organization.
In the period between school years (summer time), an archiving process is run for each organization using Edsby. Data such as classes, gradebooks, discussions, and the like from the recently completed school year are moved into a separate archive partition. From here, they can easily be accessed by appropriate staff that may wish, for example, to retrieve a lesson plan from a class taught in Edsby the previous year. Edsby can store as many archive partitions as the customer desires. When an archive partition falls outside of the specified archiving time window, it is deleted and none of the data in that archive partition is accessible any longer.
Edsby adopts policies and procedures internally to help ensure that each organization’s information stays private to that organization. Each employee and contractor within the Edsby organization who has access to customer confidential information receives training in this area, and signs an agreement that attests that they have read, understand and will abide by the following policies and procedures:
- Only access Customer Confidential Information when there is a clear technical or support reason to do so.
- Minimize the amount of Customer Confidential Information accessed in the process of addressing a technical or support issue to what is required to investigate the issue at hand.
- Never share Customer Confidential Information with anyone other than other authorized people within the company on a need-to-know basis, or with authorized people in the customer organization that already have access to the kind of Customer Confidential Information in question.
- Never download Customer Confidential Information to a public or shared computer.
- Always ensure a strong access password is in place on any computer used to access or store Customer Confidential Information.
- Never copy Customer Confidential Information to any kind of removable media including CD/DVD disks, computer tapes, USB keys and the like.
- Do not print Customer Confidential Information unless expressly requested by a customer or if it is required in the troubleshooting process. Make sure such printouts are stored in a locked cabinet when not in use. Always destroy any such printout immediately after it has served its purpose. Never retain such printouts for longer than 30 days.
- Any computer used to store Customer Confidential Information must have its hard drives destroyed or cleansed with commercial disk wiping software if it is in the process of being disposed of or reassigned to someone who is not authorized to access Customer Confidential Information.
The Future of Privacy Forum (FPF) and The Software & Information Industry Association (SIIA)’s Student Privacy Pledge outlines guidelines for responsible collection, maintenance, and use of student personal information. Edsby was one of the early signatories to the pledge, and has agreed to be bound by all of its commitments.