Blog
 | Topic:  Security

Follow @FinalForms on Twitter

What Governs Your Data Collection Processes?

Macklin Chaffee

Audited for accuracy as of May, 2023.

We are sensitive to all security and privacy concerns. In fact, security and privacy are our top priorities in providing our services to thousands of school districts throughout the United States. We are often asked if our service is subject to any federal privacy laws.  Keep reading to learn how federal privacy laws apply to FinalForms.

Contine Reading

AWS+FinalForms+Customer Shared Responsibility Model

Macklin Chaffee

Audited for accuracy as of May, 2023.

Security and compliance are shared responsibilities between AWS, FinalForms, and the School District (Customer). This model helps relieve FinalForms’ operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. In turn, FinalForms has responsibility and management of the operating system (including updates and security patches), other associated application software as well as the configuration of the AWS provided security group firewall. As shown in the chart below, this differentiation of responsibility is commonly referred to as Security “of” the Cloud versus Security “in” the Cloud. FinalForms carefully considers the services provisioned as responsibilities vary depending on the nature of the services, the integration of those services into the IT environment, and applicable laws and regulations. The Shared Responsibility Model is designed to provide FinalForms with flexibility and control over technology and the School District with flexibility and control over authorized user access.

There is no FERPA certification for a service provider such as FinalForms. In order to meet the FERPA requirements applicable to our operating model, FinalForms aligns our FERPA risk management program, detailed below. 

For more on this subject, please visit: https://d0.awsstatic.com/whitepapers/compliance/AWS_FERPA_Whitepaper.pdf

Contine Reading

FinalForms Security, Data Privacy, and Compliance

Macklin Chaffee

Military Grade Physical Controls + Enterprise Grade Security = Piece of Mind

Audited for accuracy as of May, 2023.

FinalForms is hosted in entirety on our infrastructure on Amazon Web Services (AWS) EC2 and S3 instances. We chose AWS specifically because of its prolific scale, redundancy, and emphasis on data privacy & security.

The Amazon Web Services infrastructure is designed and managed according to the highest standards for security and data protection, including SOC 1, 2, 3, PCI DSS Level 1, ISO 27001, FIPS 140-2, and more, as well as military-grade physical controls. Enterprise-grade security ensures data stays secure with SSL encryption. To provide continuous availability, FinalForms is deployed on multiple data centers. Every piece of data is automatically copied to multiple locations for redundancy – ensuring data is always available.

Our technology partnership with Amazon Web Services enables us to meet our commitment to securing customer data.

Frequently, FinalForms is used to store sensitive student health and demographic information on behalf of various school systems. Knowing this from the outset, we thoroughly researched and rigorously vetted a rock-solid solution that meets national educational industry standards.

This document details the steps we've taken at each layer to meet medical information standards and a multitude of other regulation programs. 

Contine Reading