Security and Privacy at EduSynch
Last revised on January 1, 2023
At EduSynch, security is not just an afterthought—it is fundamental to our mission. Our commitment to helping our customers improve their security and compliance posture starts with our own.
Our Security and Privacy teams establish policies and controls, monitor compliance with those controls, and demonstrate our security and compliance to third-party auditors. These policies are based on the following foundational principles:
- Access is limited to only those with a legitimate business need, granted based on the principle of least privilege.
- Security controls are implemented and layered according to the principle of defense-in-depth.
- Security controls are applied consistently across all areas of our organization.
- The implementation of controls is iterative, maturing continuously across the dimensions of improved effectiveness, increased auditability, and decreased friction.
EduSynch is fully GDPR compliant. We do not store or save any biometric data.
2. Data Protection
At EduSynch, we take data protection seriously. Our approach includes encryption for data at rest and in transit, and stringent management of encryption keys and other secrets.
3. Product Security
We partner with industry-leading security consulting firms for regular penetration testing. All areas of the EduSynch product and infrastructure are in-scope for these assessments.
Moreover, we require vulnerability scanning at key stages of our Secure Development Lifecycle.
4. Enterprise Security
All corporate devices are centrally managed and equipped with mobile device management software and anti-malware protection. We use a risk-based approach to vendor security and secure remote access to internal resources using modern VPN platforms.
EduSynch provides comprehensive security training to all employees upon onboarding and annually through educational modules. New engineers also receive training focused on secure coding principles and practices.
We use industry-standard solutions to secure our identity and access management. Employees are granted access to applications based on their role, and automatically deprovisioned upon termination of their employment.
5. Data Privacy
At EduSynch, data privacy is a first-class priority. We strive to be trustworthy stewards of all sensitive data, and we continuously evaluate updates to regulatory and emerging frameworks to evolve our program.
6. Responsible Disclosure
If you`re looking to report a security concern, please visit ourResponsible Disclosure page.