Please see Renaissance’s global policies on Information Security, Data Privacy, and the Privacy Hub for company-wide policies. This article is intended to provide additional detail about how Schoolzilla by Renaissance securely supports data connections to power your dashboards.
What expertise do Schoolzilla by Renaissance employees have in data security? What training do they receive? Who can access our data?
Every Schoolzilla by Renaissance employee completes training on the importance of and methods for protecting pupil records. Training consists of how to remain compliant with federal and state regulations (e.g. FERPA), Renaissance policies, and general security posturing (including techniques such as Two Factor Authentication, Drive Encryption, creating and managing strong passwords, etc.) to protect sensitive data. Developers peer-review code to make sure changes adhere to best practices for security. Administrators are knowledgeable of security practices and harden the infrastructure with necessary patches, monitor security resources for advisories and vulnerabilities, and scan the environment and application to ensure that student information remains secure. Additionally, all Schoolzilla by Renaissance teammates participate in the Renaissance wide requirements of annual Global Privacy and Information Security training and anti-phishing awareness programs.
Access to your data is limited to teammates actively supporting you, including your set up team, the Schoolzilla by Renaissance support team, and Schoolzilla by Renaissance engineers resolving escalated support issues.
How are data encrypted? How are our credentials secured? Where are your data centers located?
Data are encrypted both in transfer and at rest in our US-based AWS data center, which also houses our encrypted database backups. Automated retention policies and secure deletion practices are in place to ensure data is safely removed when necessary and following Renaissance's data privacy and security policies. Schoolzilla by Renaissance uses AES256 for data encryption, and bcrypt for hashing application passwords. The specific encryption methods are:
- Ingress:
- APIs: HTTPS
- Files: SFTP or FTPS for file transfers, and HTTPS to upload files to MyData
- RDBMS: ODBC via an encrypted means (SSL or IPSEC)
- Egress:
- Browser: HTTPS
- RDBMS: ODBC via an encrypted means (SSL)
All credentials affiliated with your data connection are stored in a secure password vault.
How is personally identifiable information (PII) protected?
Schoolzilla by Renaissance has experience protecting large amounts of PII. Using processes we have developed to support our FERPA-compliant data warehouses, we start by making sure that access to production data is limited to authorized personnel. As discussed here and in Connecting your SIS to Schoolzilla by Renaissance Using ODBC, all database connections are made via a secure pipeline, such as VPN, and encrypted in transit and at rest. Lastly, identified sensitive PII fields, such as social security numbers and passwords, are not included in any extract from your system.
How is Schoolzilla by Renaissance made aware if there is an issue with its infrastructure? What is the response?
Schoolzilla by Renaissance uses industry-standard tools for monitoring and alerting (for example Datadog, AWS Cloudwatch, AWS GuardDuty, PagerDuty) in addition to Renaissance company-wide infrastructure monitoring to ensure system performance and security. Among other things, these tools verify that our services are available and help to notify us of system irregularities that might suggest suspicious behavior (such as Denial of Service attacks). Servers are patched regularly to address emerging threats, and Windows servers use Defender to protect against various malware. Additionally, Schoolzilla by Renaissance regularly works with outside security firms to perform penetration testing against the Schoolzilla by Renaissance network and application, and is committed to doing so annually.
While we work to proactively prevent activities that lead to outages, we have defined processes to ensure disaster recovery capability. We prepare a number of database, storage, and machine backups. In the event of an incident, we aim to have application functionality restored as quickly as possible with little to no data loss.
In the event of a security incident, Schoolzilla by Renaissance follows a Security Incident Response Plan to address the incident and notify those who may be impacted. Schoolzilla by Renaissance ’s procedures are intended to stop the risk of exposure of PII, restore services to full functionality, and take preventative action to make certain that similar incidents cannot be repeated. Care is taken to preserve evidence when possible to support data security professionals and Law Enforcement personnel who may be engaged to ensure sensitive information is protected. When the scope and impact of the incident is determined, Schoolzilla by Renaissance notifies users if their data was compromised as soon as reasonably possible.
What permissions do users on the platform have to our district’s data?
Role based access controls are used within the Schoolzilla by Renaissance web application. These roles determine which dashboards are displayed, what underlying data the user can access, and the availability of features on the web site. See User Roles & Permissions. All users, regardless of role, can only see data associated with their organization.