Outside auditors often ask our customers to provide an overview of Populi's data security practices. The following list describes the various security layers in Populi—from the controls in place at our data centers to access permissions within Populi itself.
- Customer data is stored in SSAE 22 Type II compliant data centers.
- The data centers feature compartmentalized security zones and biometric access controls.
- The primary data center backs up to a cloud-based data center.
- Populi is guarded by firewalls and overseen with proactive monitoring for hacking/probing attempts.
- All user access to Populi occurs over 256-bit SSL-encrypted connections.
- User logins require alphanumeric passwords; two-factor authentication is also offered.
- User accounts are locked after too many failed login attempts.
- User sessions are subject to automated timed logouts after a certain period of inactivity.
- Information access in Populi is based on an individual user's role-based permissions.
- All changes to core academic and financial data (as well as other data) are tracked in system change logs. All financial transactions have a complete audit trail.
- Customer data is backed up on a rolling basis: daily, weekly, and monthly.
- The company has a business continuity plan that outlines disaster recovery (among other things).
For further reading
- This article describes Populi's tools that help you comply with the European Union's GDPR.
- You can read about Populi's compliance with FERPA and the relevant provisions of the Gramm-Leach-Bliley Act.
- If you need SOC reports for the providers we use to store student data, here are links to Amazon AWS and LiquidWeb.