How We Safeguard Student Data
At Edulog, we are committed to adhering to industry standards for application security, as outlined in our SOC 2 Type 2 Report. Below are some of the key best practices we follow:
Edulog Security
Our team conducts continuous security measures to stay ahead of evolving risks. By combining industry best practices with a culture of security awareness, we ensure the integrity, confidentiality, and availability of our clients' and company's critical information.
SOC 2, Type 2 Certification
SOC 2 assesses how well a company protects data based on five trust service criteria. To remain compliant, we will undergo yearly audits to ensure our adherence to the SOC criteria.
Third Party Reviews
Edulog undergoes regular third-party audits to ensure our adherence to the SOC criteria.
Internal Training
All Edulog employees are required to undergo ongoing security awareness training, as well as routine security simulations to keep employees alert and prepared.
Bug Reporting
How to Report Security Vulnerabilities
Edulog appreciates and values our clients and partners as well as the security research community, who cooperate with us to proactively and responsibly disclose security vulnerabilities so patches can be made available.
If you discover a vulnerability, please report it by sending an email to security@edulog.com. All emails to this address are promptly reviewed by members of Edulog’s security team.
Guidelines for Reporting
For the protection of our customers and our own systems and infrastructure, Edulog does not disclose or discuss security issues until our internal research is complete and any necessary patches are available. We ask that all who report comply with the following guidelines when reporting a vulnerability:
- Allow Edulog an opportunity to address a vulnerability within a reasonable time period
- Do not publicly share information about the vulnerability prior to updates being available
- Make a good faith effort to avoid privacy violations and destruction, interruption, or segregation of Edulog services or applications
- Do not freely exploit, modify, or destroy data that does not belong to you.
Edulog’s application security team is responsible for triaging and managing product related vulnerability reports, which includes confirming the vulnerability, assigning risk and impact, working with our engineering teams on a fix, testing and releasing the fix, and communicating to clients. We are committed to working with those who report issues via these guidelines, and we aim to quickly resolve any issues.
Security Advisories
Fraudulent Emails Sent to Clients
Edulog has been made aware of bad actors impersonating Edulog staff in an attempt at fraudulent activity, namely requesting the set-up of up a direct deposit account….Read more
Implementing Solutions to Safeguard Sensitive Data
In January, we were alerted by one of our vendors, Karros Technologies, regarding a potential vulnerability in its email verification services. The vulnerability, discovered by a white-hat…Read more
How Teamwork Keeps Our Data Safer
In September, we were alerted by an exposure management company regarding a potential vulnerability relating to the configuration of an endpoint in Parent Portal. We immediately investigated…Read more
General FAQs
What is SOC Compliance?
SOC 2 is a security and compliance standard that offers guidelines for service organizations to protect sensitive data from unauthorized access, security incidents, and other vulnerabilities.
For a detailed overview of our data protection measures, you can request access to our latest SOC 2 report, available in the “Compliance” section of our Trust Center.
What is the Trust Center?
The Trust Center linked throughout this page is an extension of our security and compliance monitoring service. Within the Trust Center, our clients can request access to documentation relevant to our security and compliance.
Let's Work Together
Reach out to us at security@edulog.com with questions or concerns.