国产精品

Our comprehensive security program helps protect sensitive data at every step.

Our success depends on building highly secure product and infrastructure. Our desire is to help schools, teachers, parents, and application partners create a secure learning environment where students can thrive.

We know it鈥檚 not enough to just write secure code鈥攆or security to be effective, it has to be ingrained in our culture and embedded in every part of the business. That鈥檚 why security is part of everyone鈥檚 job at 国产精品: 100% of our people receive security training. To lead this program, we hire security experts who have extensive security experience for market-leading cloud services and are passionate about creating safe digital learning ecosystems.

Our comprehensive security-by-design approach helps to protect sensitive data at every step鈥攚hether it鈥檚 a district鈥檚 first data transfer or one-millionth login.

Helping schools secure their data

We know data protection is a key priority for our district customers, and we understand how challenging it can be for districts to effectively manage risk and ensure high data protection standards across all of the district鈥檚 unique technology partners. At 国产精品, we鈥檙e not only committed to meeting those standards鈥攚e have an outstanding security track record and are regularly investing in new tools, technologies, and enhancements to stay ahead of risks.

School districts turn to 国产精品 to help manage and safeguard Student Data shared with technology partners. Instead of maintaining and troubleshooting custom scripts with dozens of application providers, districts can easily create and update student accounts in education software and control how much data is shared through 国产精品. Instead of managing multiple transmissions to application providers, districts can rely on the 国产精品 API to transmit Student Data with strong security requirements.

With 国产精品, districts have one security-focused platform for sharing data with authorized applications, a platform that鈥檚 regularly tested and optimized for data security.

Full encryption in transit and at rest

国产精品 helps districts secure student information by encrypting it in transit and at rest. We use modern cryptographic algorithms like AES256-GCM and follow key management best practices with strict user access control and multifactor authentication.

Secure development lifecycle

From initial design concept to final testing, our security protocols inform every aspect of product and infrastructure development. All development projects, including new products and features, require a security review process. It includes threat modeling and code review for any major change.

Cloud-hosted infrastructure is a more secure infrastructure

Increasingly, districts are adopting cloud infrastructure instead of on-premise models for one key reason: security. Most education software providers also have adopted cloud services to host their products for districts, as have healthcare providers, financial institutions, and government agencies. While on-premise systems need to be maintained, updated, configured, and secured individually, cloud services typically offer key benefits that provide stronger data security management and practices.

• Cloud service providers have greater security expertise running servers in the cloud across thousands of customers over many years.
• Cloud service providers are experienced in navigating and managing a broad array of security requirements, including most stringent security standards, such as HIPAA, COPPA, GDPR, and SOC.
• Cloud service providers have a much more substantial investment in both network and physical security than on-premise systems could typically provide.

国产精品鈥檚 infrastructure runs on Amazon Web Services (AWS), an industry leader in cloud services and data security. Ernst & Young LLP performs the AWS System and Organization Controls audit and issues reports that demonstrate how AWS achieves these key compliance controls and objectives. The AWS SOC 2 and other reports are available on the .

Comprehensive independent third-party security evaluation

Our team continually monitors for suspicious activity and employs automated threat detection alerting and response processes. We engage top third-party security firms who perform regular audits and external code reviews, and we make these audits available upon request.

In addition, we work with聽聽to run a bug bounty program. The bug bounty program engages security researchers and independent security professionals (“Bug Bounty Participants“) to proactively test our platform and report any issues that we then assess and mitigate. 国产精品 authorizes and encourages the responsible and ethical discovery and reporting of vulnerabilities on all of 国产精品’s products. Security researchers can participate by sending an email to security@clever.com with the email address they use for their HackerOne account, and we will add you to our private program. 聽If Bug Bounty Participants make a good faith effort to conduct research and disclose vulnerabilities in accordance with our disclosure rules (found ), 国产精品 will not recommend or pursue law enforcement or civil lawsuits related to such activities. If a Bug Bounty Participant is interested in publication of the vulnerability, 国产精品 will permit publication after the earlier of (a) 国产精品鈥檚 confirmation of remediation of the vulnerability and (b) nine (9) months have passed since disclosure of the vulnerability to 国产精品鈥檚 security team.

If you have any questions about 国产精品’s security program, please send an email to security@clever.com.

Read more about 国产精品鈥檚 .