We are sensitive to all security and privacy concerns. In fact, security and privacy are our top priorities in providing our services to thousands of school districts throughout the United States. We are often asked if our service is subject to any federal privacy laws. Keep reading to learn how federal privacy laws apply to FinalForms.
Security and compliance are shared responsibilities between AWS, FinalForms, and the School District (Customer). This model helps relieve FinalForms’ operational burden, as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. In turn, FinalForms is responsible for and manages the operating system (including updates and security patches), other associated application software, and the configuration of the AWS-provided security group firewall. As shown in the chart below, this differentiation of responsibility is commonly referred to as Security “of” the Cloud versus Security “in” the Cloud. FinalForms carefully considers the services provisioned, as responsibilities vary depending on the nature of the services, the integration of those services into the IT environment, and applicable laws and regulations. The Shared Responsibility Model is designed to provide FinalForms with flexibility and control over technology and the School District with flexibility and control over authorized user access.
There is no FERPA certification for a service provider such as FinalForms. In order to meet the FERPA requirements applicable to our operating model, FinalForms aligns our FERPA risk management program, detailed below.
For more on this subject, please visit: https://d0.awsstatic.com/whitepapers/compliance/AWS_FERPA_Whitepaper.pdf
Thanks to our latest partner, Learn21/CoSN Ohio, we’ve formulated a comprehensive resource for best practices with student data. Whether you're considering FinalForms or investigating online student data in general, we believe the following information will provide a good foundation for your research.
Military Grade Physical Controls + Enterprise Grade Security = Peace of Mind
FinalForms is hosted in its entirety on our infrastructure on Amazon Web Services (AWS) EC2 and S3 instances. We chose AWS specifically because of its prolific scale, redundancy, and emphasis on data privacy & security.
The Amazon Web Services infrastructure is designed and managed according to the highest standards for security and data protection, including SOC 1, 2, 3, PCI DSS Level 1, ISO 27001, FIPS 140-2, and more, as well as military-grade physical controls. Enterprise-grade security ensures data stays secure with SSL encryption. To provide continuous availability, FinalForms is deployed across multiple data centers. Every piece of data is automatically copied to multiple locations for redundancy, ensuring data is always available.
Our technology partnership with Amazon Web Services enables us to meet our commitment to securing customer data.
Frequently, FinalForms is used to store sensitive student health and demographic information on behalf of various school systems. Knowing this from the outset, we thoroughly researched and rigorously vetted a rock-solid solution that meets national educational industry standards.
This document details the steps we've taken at each layer to meet medical information standards and a multitude of other regulation programs.