FinalForms Logo

FinalForms evolves with your needs, keep up!


“You continue to make our lives easier and jobs more efficient."– Josh Hardin, Athletics Manager, Cincinnati Public School District

Categories

  • New OHSAA Eligibility Tracked Info

    Now tracking 9th Semester and Students Over-age. 

    We recently added two new checks to the FinalForms system for the state of Ohio, further insuring that your reports of student eligibility are accurate.

     

    9th Semester Check

    The OHSAA mandates that a student-athlete is only eligible for OHSAA sports for 8 consecutive semesters. Based on the first-day-of-high-school field that ADs set, we calculate if an active student will have been in school for more than 8 semesters during a sport season that they have registered for. If so, we alert the administration and parents.

     

    19 years old Check

    A student in Ohio also cannot have turned 19 before Aug 1st of the current school year. If they do and are attempting to participate in athletics during that school year, we alert the administration and the parents

     

     

  • FinalForms Security, Data Privacy, and Compliance

    All data is strictly held as confidential.

    Military Grade Physical Controls + Enterprise Grade Security = Piece of Mind

    FinalForms is hosted in entirety on our infrastructure on Amazon Web Services (AWS) EC2 and S3 instances. We chose AWS specifically because of its prolific scale, redundancy, and emphasis on data privacy & security.

    The Amazon Web Services infrastructure is designed and managed according to the highest standards for security and data protection, including SOC 1, 2, 3, PCI DSS Level 1, ISO 27001, FIPS 140-2, and more, as well as military-grade physical controls. Enterprise-grade security ensures data stays secure with SSL encryption. To provide continuous availability, FinalForms is deployed on multiple data centers. Every piece of data is automatically copied to multiple locations for redundancy – ensuring data is always available.

    Our technology partnership with Amazon Web Services enables us to meet our commitment to securing customer data.


    SecurityFrequently, FinalForms is used to store sensitive student health & demographic information on behalf of various school systems. Knowing this from the outset, we have thoroughly researched and then crafted a rock-solid solution from the ground up, rigorously vetting at every layer, that meets national educational industry standards.

    In this document we give a detailed account of the steps we've taken at each layer to meet, not just the medical information standards, but a multitude of other regulation programs.

     

    Physical Security

    We host the entirety of our infrastructure on Amazon Web Services (AWS) EC2 and S3 instances. We chose AWS specifically because of its prolific scale, redundancy, and emphasis on data privacy & security. Among its long list of physical security benefits the highlights are:

    • Amazon has unmatched experience in designing, constructing, and operating large-scale data centers.
    • AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection.
    • Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means.
    • Authorized staff must pass two-factor authentication no fewer than three times to access data center floors.
    • All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
    • Worldwide facilities have been audited and granted many certiciations.
    • Linked is the AWS SOC 3 Report.

    We have several policies of our own in place that ensure the highest level of security is taken when handling client information outside of our web application.

    • Developer machines do not store sensitive information locally.
    • Client information is never stored physically without consent from a client administrator.

     

    Technical Security

    As mentioned before, we host our infrastructure on Amazon Web Services (AWS). Amazon is widely considered to be the leader for infrastructure as a service (IaaS) providers. They are compliant with a wide range of regulations and provide granular control over your network. Here are just a few of the many security benefits they provide:

    • Host Operating System Security:
      • AWS employees with a business need are required to use their individual cryptographically b SSH keys to gain access to the host.
      • All access is logged and routinely audited.
      • When an AWS employee no longer has a business need to administer EC2 hosts, their privileges on and access to the hosts are revoked.
    • Guest Operating System Security:
      • We have complete control over our virtual instances.
      • AWS administrators do not have access to our instances, and cannot log into the guest OS.
    • Firewall
      • Amazon provides a complete firewall solution.
      • This mandatory inbound firewall is configured in a default deny mode and the we must explicitly open any ports to allow inbound traffic.
    • Denial Of Service (DoS) Security:
      • Standard DDoS mitigation techniques such as SYN floods and connection limiting are in use.
      • Amazon maintains internal bandwidth which exceeds its provider-supplied Internet bandwidth.
    • Man In the Middle (MITM) Security:
      • All of the AWS APIs are available via SSL-protected endpoints which provides server authentication.
    • Spoofing Security:
      • The Amazon-controlled, host-based firewall infrastructure will not permit an instance to send traffic with a source IP or MAC address other than its own.
    • Port Scanning Security:
      • Port scans of Amazon EC2 instances are generally ineffective because, by default, all inbound ports on Amazon EC2 instances are closed.

     

    Outside of the AWS provided features, we implemented and ensure:

    • All administrative activity involving our servers is performed over an encrypted connection.
    • Client information is not stored digitally outside of the secure AWS infrastructure.
    • Verbose logging is enabled wherever possible, leaving clear audit trails.
    • Backups are run periodically and regularly tested for success in recovery situations.
    • Intrusion detection systems alert administrators of suspicious activity.

     

    Administrative Privacy

    The FinalForms workforce, itself, has been structured to minimize contact with student data. Specifically, no more than 4 trained individuals will ever have access to that data. Data is only ever accessed without school staff present in secure development settings via SSH or through the FinalForms administrative interface, both encrypted connections.

    Linked is our Privacy Policy and Terms of Service.

     

  • FinalForms: Here to Stay!

    Emerging from infancy!

    FinalForms started as a custom application for a few pioneer schools. The athletic directors at these schools were savvy enough to know that a tool could be built that didn't just collect data for the sake of "going paperless", but actually USED the data to automate some of the most tedious functions of their daily life. Once we had the proof of concept, we began developing feature after feature, always to the applause of grateful ADs, Coaches, and Trainers. We now had a product that we completely believed in. A product that was vetted and loved by schools from Cleveland to Cincinnati.

    -- Time for the next step! --

    For the past 9 months, our development team has been working on taking FinalForms from its prototype roots to a robust, blazing-fast, and flexible application capable of hosting millions of student records! This was a direct response not only to all of the feedback we've received from parents, coaches, and athletic directors, but also to technical observations and analysis about how the system was being used. The end result is a radically improved hosting platform which translates to 4x faster page load times!

    -- FinalForms is here to stay. --

    In the coming months, we will be introducing some of the most popular new features in detail, providing a road-map for the future, and writing a few technical articles describing our platform and why we're so confident in our ability to handle, not just the 1.2 million student-athletes in our home state of Ohio, but an entire nation of high schoolers!

     

  • Where to Find the Physical Form to Print for Physicians?

    Helpful HOW-TO for finding your OHSAA physical quickly. 

    Most of the time, your local school will provide you with physical or printable copies of the necessary physical form for physicians to fill out. However, we do also have links to the standard state-specific forms within the application itself. You, as a parent, can find these in three different locations.

    1. There is a permanent link in your profile dropdown on the top right of the screen.

    2. There is a link within the Instructions panel when you click "Instructions" on the students page.


    3. Once you complete your athletic forms on the site and your student signs them as well, the next call to action button will be a prompt to download and print the physical form PDF.

     

     

  • Roster Email Customization

    Ever wanted to customize your Roster email footers? 

    Today we're introducing the ability for Administrators to customize the "signature" at the bottom of roster emails. Roster emails can be sent by Coaches and Administrators through the Sport interface. You now have the ability to add a logo and arbitrary text to the bottom of these emails.

    Custom Roster Footer

    Usage: As an Admin, go to Manage -> Configuration. Check the box marked Custom Footer? under Roster Email Customization. You will be presented with an image upload field and text area into which you can enter your custom footer language. Once you update the configuration, all roster emails will include this custom footer!

     

  • Sport-Specific Forms

    Opening up a whole new world of customization of formsets.

    We have integrated the ability to have forms than are only required on a per-sport basis. These forms are not required or even displayed in the student-athlete registration process unless the child has been signed up for that sport. 

    This feature provides a lot of flexibility for ADs to indulge Coaches needs without inconveniencing student-athletes playing other sports.

    Usage: Commission the FinalForms team to create your new optional form. Then edit a specific sport, and select the new form in the dropdown (as seen above)


RSS Feed

Don't wait. Eliminate risk today.