Design and Compliance

 

In a climate of data breaches and privacy concerns plaguing the software industry, Educational Measures (EM) has made several strong commitments to security.  All EM servers which process or store customer data are located in monitored, restricted-access data centers.  EM is compliant with SOC 2 standards for safety and security and is fully GDPR-compliant as of May 25th, 2018.

All technologies used at EM are reviewed each month for vulnerabilities and configuration mistakes that could cause data to be leaked through a process known as penetration testing.  Any issues uncovered by our monthly penetration testing are remediated by our Engineering team as part of their regular development work.

01-compliance.png
02-security-lock.png

Culture of Security

Educational Measures is also actively working to maintain its company culture of information security and technological excellence.  By using modern technologies maintained to enterprise standards of code quality and reliability, EM empowers all of our employees to keep data safe and secure, regardless of role or responsibility.  All EM employees are vigilantly working to protect customer data at all times.

Because of our emphasis on security and data protection, anyone who engages EM can rest easy knowing that their data will always be handled in a manner consistent with the absolute highest standards of technical expertise, procedural conscientiousness, and diligent care.

Event and Meeting Security

 

One of the greatest risks for security breaches are during meetings and events. Hotels and public venue spaces are notorious for cyber-attacks and data theft.  EM solves this problem by setting up our own highly-controlled network environment in most of our deployments, creating a secure space for data and information to be transferred and stored.

We configure wireless networks on-site using WPA2 encryption so that only approved devices can connect.  Traffic to and from our application to participant devices are sent encrypted over HTTPS preventing breaches like “man-in-the-middle” attacks.  Additionally, our on-premise servers used at events implement secure password authentication and utilize drive encryption which protect data even if a malicious actor were to gain physical access.

03-network-security.png
04-user-privacy.png

User Privacy

 

Educational Measures respects and strives to protect the privacy of those who participate in live meetings and events using our Array platform.  In addition to our security standards, we are GDPR-compliant as of May 25, 2018.  This includes updates to our privacy policy with clarity as it pertains to why personally identifiable information (PII) is needed, for what purpose it is used, and how long this information is kept.  We also utilize an active opt-in within Array, and have defined processes for handling requests for access and removal of PII. 

 

Click here to view our Array Privacy Policy and instructions for access and removal of PII