Design and Compliance
In a climate of data breaches and privacy concerns plaguing the software industry, Educational Measures (EM) has made several strong commitments to security. All EM servers which process or store customer data are located in monitored, restricted-access data centers. EM is compliant with SOC 2 standards for safety and security and is fully GDPR-compliant as of May 25th, 2018.
All technologies used at EM are reviewed each month for vulnerabilities and configuration mistakes that could cause data to be leaked through a process known as penetration testing. Any issues uncovered by our monthly penetration testing are remediated by our Engineering team as part of their regular development work.
Educational Measures is also actively working to maintain its company culture of information security and technological excellence. By using modern technologies maintained to enterprise standards of code quality and reliability, EM empowers all of our employees to keep data safe and secure, regardless of role or responsibility. All EM employees are vigilantly working to protect customer data at all times.
Because of our emphasis on security and data protection, anyone who engages EM can rest easy knowing that their data will always be handled in a manner consistent with the absolute highest standards of technical expertise, procedural conscientiousness, and diligent care.
Event and Meeting Security
One of the greatest risks for security breaches are during meetings and events. Hotels and public venue spaces are notorious for cyber-attacks and data theft. EM solves this problem by setting up our own highly-controlled network environment in most of our deployments, creating a secure space for data and information to be transferred and stored.
We configure wireless networks on-site using WPA2 encryption so that only approved devices can connect. Traffic to and from our application to participant devices are sent encrypted over HTTPS preventing breaches like “man-in-the-middle” attacks. Additionally, our on-premise servers used at events implement secure password authentication and utilize drive encryption which protect data even if a malicious actor were to gain physical access.