3rd Party Vendor Data Security

Vendor Name: Infinite Campus
Purpose of Data Usage: Student Management System, Online Backup
Commencement Date: 7/1/2017
Termination Date: 6/30/2018
How Data Will Be Disposed Of: If the customer chooses to terminate the contract, all copies of their data are deleted.   Upon 90 business days following the termination of this Agreement, or sooner at the request of the District, Company warrants that the original and all copies of District information, educational records and pupil records as such terms are defined by FERPA, and any other State or Federal law relating to the protection of confidential student information, will be returned to the District or destroyed in such a manner that such information cannot be read, executed, viewed or in any way accessed when destroyed.
Data and Security Measures:
  The nightly backup of the district database is compressed and then encrypted before pushing it to the Infinite Campus facility located in Blaine MN. The backups are saved to a specific disk cluster with very limited access based on company role. At rest the backups remain encrypted. The data sent to ShoutPoint is a list of phone numbers and the message to be sent. The information is sent using an encrypted link.

Vendor Name: Shoutpoint
Purpose Of Data Usage: Communication System Add-On for Infinite Campus (email/voice)
Commencement Date: 7/1/2017
Termination Date: 6/30/2018
How Data Will Be Disposed Of: TBD
Data and Security Measures: TBD

Vendor Name: Blackboard Connect
Purpose Of Data Usage: Communication System (email/voice/text messages)
Commencement Date: 3/1/2017
Termination Date: 2/28/2018
How Data Will Be Disposed Of: TBD
Data and Security Measures:  Information is protected in several ways:

  • Information Security - All data transmitted to and from the Client utilizes Secure Sockets Layer (SSL). Blackboard retains an external security auditing firm to perform audits to discover potential security threats, assess risks, and provide solutions for patching and managing those risks. In addition, we have implemented security measures in the following areas and to the standards listed below:
  • Internet Packet Security - The Messaging Services utilize Secure Sockets Layer (SSL) in conjunction with multiple layers of firewalls, monitoring, and audit tools.
  • Physical Security - All Client Data is maintained at a data center with 24/7 video and human surveillance. Access to data is limited to specific authorized personnel with valid identification, handprint identification, and a key card to enter the facility. Data facilities have redundant power feeds and data connectivity, are fireproof, flood proof, and have level 4 rating earthquake protection.
  • Data Security - All database servers are behind both the primary and secondary firewall, are inaccessible from the outside, and secured on a separate VLAN with non-routable IP addresses to the Internet. A specific and limited number of staff with specific permission levels is permitted access to the database. All access to the database is limited to specific computer addresses (MAC addresses) and require domain level authentication for access.

Vendor Name: Centris (IEP Direct, RTI Direct)
Purpose of Data Usage: Special Education Management, Response to Intervention Management
Commencement Date: 7/1/2017
Termination Date: 6/30/2018
How Data Will Be Disposed Of:  TBD
Data and Security Measures: Application Secured by District ID, Login ID, and Password.  More TBD.

Vendor Name: Chappaqua Transportation
Purpose of Data Usage: Transportation Management
Commencement Date: 7/1/2017
Termination Date: 6/25/2018
How Data Will Be Disposed Of: Computer storing student data would be returned to the district.
Data and Security Measures: Both PC and Software (Route Finder Pro) Require Password for Access.  PC is Behind Sonic FireWall.

Vendor Name: Naviance
Purpose of Data Usage: College and Career Readiness
Commencement Date:  7/1/2017
Termination Date: 6/25/2018
How Data Will Be Disposed Of: Upon Termination of this Agreement, or at the Discretion of Client, Client May Request in Writing that Client Data be Deleted, and Naviance Shall Comply With Such Written Request Within Thirty (30) Days After Termination.
Data and Security Measures: The Service has security measures in place to help protect against the loss, misuse, and alteration of the data under Naviance's control. When the Service is accessed using a supported web browser, Secure Socket Layer (SSL) technology protects information using both server authentication and data encryption to help ensure that data are safe, secure, and available only to authorized users. Naviance also implements an advanced security method based on dynamic data and encoded session identifications, and hosts the Service in a secure server environment that uses a firewall and other advanced technology in an effort to prevent interference or access from outside intruders. Finally, the Service requires unique account identifiers, user names, and passwords that must be entered each time a Client or User signs on. These safeguards help to prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of data.