Security and Data Safety
Comprehensive Approach to Managing Academic Operations
Implementing your institution in the APL nextED platform involves a comprehensive approach to managing academic operations. It starts with configuring the APL system hierarchy, including users, roles, and permissions. This enables institutions to tailor the system to their unique needs and ensure that only authorized users have access to specific information.
Password Strength and Security
Password strength and security are also essential components of this process to safeguard sensitive data. APL security features ensure that data is protected, and access is restricted to authorized users only.
APL nextED Systems Security
SOC2 Compliance and Comprehensive Safeguards
APL is dedicated to upholding SOC2 compliance and its requirements, ensuring the highest standards of security and data protection. Our Security Statement comprehensively outlines numerous safeguards, such as advanced monitoring, logical backups, intrusion detection, vulnerability scans, secure coding practices, extended validation SSL encryption, and controlled employee access.
Security Policies and Best Practices
Our Security Policies document encompasses various aspects, including encryption, employee access, password management, infrastructure, redundancy, backups, event and availability monitoring, logging, DevOps automation, secure development practices, agile project management, and vulnerability scans and intrusion detection.
Cloud Data Center and Redundant Architecture
APL’s cloud data center is fully SSAE 16 Compliant and hosted with Amazon Web Services, with access restricted to core Operations staff. Our servers are configured for redundancy, distributed and fault-tolerant architecture, and automatic recovery. We maintain hourly backups and regularly test their integrity.
DevOps and Continuous Integration
We log all critical system events to a central syslog server and utilize leading DevOps software to programmatically template, provision, and recover systems in case of failure. Continuous Integration enables automated user acceptance testing and unit testing. Agile methodology software manages and prioritizes new feature development schedules. APL also engages third-party vendors to scan public endpoints for software and service vulnerabilities, prioritizing any detected issues.
Access Control Measures and FERPA Compliance
Strict access control measures are in place for both employee and user data access, with retention policies purging all data upon service termination. A secure SFTP gateway facilitates data import and export, and APL can integrate with existing federated single-sign-on services, such as Okta, OneLogin, Azure, and others using the latest SAML 2.0 protocols. The APL platform can be tailored to selectively restrict data access to specific user roles within an organization. In order to best protect students, faculty, staff, and administrators at our partner institutions, we closely monitor and follow all FERPA laws and regulations.
Trust APL nextED
Prioritizing Your Security and Data Safety Needs
Trust APL to prioritize your security and data safety needs. Our platform offers comprehensive security measures and best practices to protect your data and restrict access to authorized users only.