Data Encryption
All school data is encrypted to prevent unauthorized access:
Encryption at Rest
Data stored in our databases and file systems is encrypted using AES-256 encryption. Even if storage media were accessed, data would be unreadable without encryption keys.
Encryption in Transit
All data transmitted between your devices and MyEncore servers uses TLS 1.3 encryption. This protects data from interception during transmission.
Access Controls
We implement multiple layers of access control:
Role-Based Access
Users only see data relevant to their role. Teachers see their classes. Admin staff access their functions. Parents see their children. No unnecessary data exposure.
Authentication Security
Strong password requirements with complexity rules. Optional two-factor authentication adds an additional verification step for sensitive accounts.
Session Management
Automatic session timeouts after periods of inactivity. Users can view and terminate active sessions from their account settings.
Admin Controls
School administrators can manage user access, reset passwords, and revoke access immediately when staff leave or roles change.
Audit Logging
Comprehensive logging supports accountability and incident response:
Access Logs
Every login attempt is logged with timestamp, IP address, and success/failure status. Unusual patterns can be identified and investigated.
Data Access Logs
Access to sensitive data is logged. Know who viewed learner records and when. Essential for compliance and incident investigation.
Change Logs
Modifications to critical data are logged with before/after values. Track who made changes and what was changed.
Log Retention
Audit logs are retained securely for the duration required by compliance requirements. Logs cannot be modified or deleted.
Secure Development
Security is built into our development process:
Secure Coding Standards
Developers follow secure coding guidelines to prevent common vulnerabilities like SQL injection, cross-site scripting, and insecure data handling.
Code Review
All code changes are reviewed before deployment. Security considerations are part of the review checklist.
Dependency Management
Third-party libraries are monitored for security vulnerabilities. Updates are applied promptly when issues are identified.
Testing
Security testing is part of our quality assurance process. We test for vulnerabilities before releases reach production.
Ongoing Security
Security is an ongoing commitment, not a one-time effort:
Monitoring
Our systems are continuously monitored for security events. Alerts are investigated promptly by our technical team.
Patch Management
Security patches for operating systems, frameworks, and dependencies are applied regularly to address known vulnerabilities.
Incident Response
We have documented incident response procedures. If a security issue occurs, we act quickly to contain, investigate, and remediate.
Employee Training
Our team receives security awareness training. Everyone understands their role in protecting customer data.
Reporting Security Concerns
If you discover a potential security issue with MyEncore, please report it to us immediately. Contact us at [email protected] or through our contact page.