Here are some answers to cybersecurity your organization may have.
By Development Team
Date of Creation: 2022-03-17
Last Update: 2023-02-16
Do you support SSO by either OAuth through Google or SAML (preferred)?
Yes, we can support SSO using the SAML2.0 protocol. We are in the process of integration through Google, but an official date for the public launch has yet to be determined. We also have other experiences using LTI integration protocol with different learning management systems (LMS) such as Moodle, and Blackboard.
If you do support SSO, can you restrict it to be the only logins allowed
Yes, we can restrict SSO. In fact, we only take one login allowed; either the LMS, LDAP, School, etc.
Do you offer Multi-Factor Authentication (MFA)?
What Cybersecurity Framework do you use:
Our Cybersecurity process is based on a system of standards, guidelines, and best practices to manage risks that arise in the digital world. We do not host any data on servers belonging to or being secured by Robotel. We use Google Cloud services to host the data and rely on their security setup to protect the data. In addition, we do have a process to generate monthly and secure encrypted vault passwords giving access to servers and databases hosted on Google Cloud services. We follow strict internal monitoring processes on a frequent basis. It is our utmost priority to prevent outsider and/or insider threats in form of unauthorized system access with controls requiring a username and password.
How often are you audited? Can we view those audit reports?
We are not currently audited by any external parties
Do you encrypt data at rest and in transit?
Our product runs on Google Cloud services allowing us to inherit many security controls and features. We’ve also made sure to activate encryption of data a rest and configured a strong SSL certificate to encrypt data in transit.
Extended answer: As we host data through Google Cloud services, we rely on Google security systems that encrypt all customer content stored at rest, without any action from the customer, using one or more encryption mechanisms. To the same point, encryption in transit through Google Cloud services protects user data. This protection is achieved by encrypting the data before transmission; authenticating the endpoints, and decrypting and verifying the data on arrival.
Do you comply with all Federal and State laws around Student Data (FERPA, COPPA, SOPPA)?
Based on the nature of our SmartClass platform and the way we handle user data; we do not comply with FERPA, but use it as a reference. Parents can see what the student (user) is doing, and parents can ask for corrections to data that is deemed false.
CORPA: NO! We do not have a system that limits the amount of data, for example, if the student does more than 500 activities, we continue to record the data.
SOPPA: YES! We have logging and monitoring mechanisms in place to try to detect these data breaches.
Note: SmartClass is not a learning management system (LMS). We do not offer any parent access.
Contact us if you would like more information.