Security
FACTS School Management rigorously evaluates and consistently tests its detailed security standards to ensure their educational value and effectiveness.
Application Security and Encryption
Ensuring the security of our product involves strong application security and encryption practices. Data is safeguarded through encryption at rest and during transit, using industry-standard encryption algorithms. Routine security assessments identify and address potential vulnerabilities within the application, contributing to a secure environment for our users.
Cybersecurity
Cybersecurity is a foundational element of our defense strategy. We implement wide-ranging security measures, including firewalls, safeguards against distributed denial-of-service (DDoS) attacks, intrusion detection and prevention systems, secure network architecture, and NGAV (Next-Generation Antivirus) for threat detection and response. Proactive threat intelligence is used to stay ahead of evolving cybersecurity risks, providing a resilient defense against malicious activities and other network-based threats and ensuring the integrity and availability of our services.
Testing and Threat Assessment
To maintain a proactive security posture, we undertake regular testing and threat assessments. This includes penetration testing, vulnerability scanning, and code reviews. The results guide our ongoing efforts to enhance security controls and address emerging threats promptly, ensuring a robust and resilient threat defense.
Physical Security
Our data centres and infrastructure are located in secure facilities with restricted access. Surveillance, access controls, and environmental monitoring are in place to protect against unauthorized physical access and potential threats to the physical infrastructure.
Compliance
Data Protection
We implement various measures to secure customer data throughout its lifecycle, including encryption during transmission and storage. To mitigate the impact of data loss or system failures, we employ data backup and recovery mechanisms to quickly restore data and services in the event of an unforeseen incident, ensuring business continuity and data integrity. We will comply with data protection regulations like GDPR (General Data Protection Regulation) to safeguard user data and maintain our high standards of privacy and security.
ISO 27001 Compliance and Auditing
We place a strong emphasis on information security and compliance, aligning with the rigorous standards set forth by ISO 27001. The implementation of a comprehensive information security management system (ISMS) ensures that we follow industry best practices for handling sensitive data. Regular internal and external audits are conducted to assess the effectiveness of our security controls, risk management processes, and overall compliance with ISO 27001 requirements.
Compliance Training
To cultivate a security-focused culture within our organization and meet compliance requirements, we regularly conduct training and awareness programs for employees. Professional development courses are also offered to support our compliance efforts. This ensures that all individuals involved in product development, maintenance, and operation are well-versed in best practices, minimizing the risk of human errors that could lead to vulnerabilities and enhancing the overall security and integrity of our operations.
Business Continuity
Disaster Recovery
Our disaster recovery plan is designed to mitigate the impact of catastrophic events. This plan encompasses backup strategies, data recovery processes, and infrastructure redundancy. Regular testing and simulations of various scenarios are conducted to validate the effectiveness of our procedures. This proactive approach ensures that, in the event of a disaster, our systems can be restored efficiently, safeguarding data integrity with minimal impact on our users.
Infrastructure, Reliability, and Redundancy
Our hosting incorporates redundancy, including failover mechanisms and a distributed architecture, to enhance system reliability. This approach not only fortifies our infrastructure against potential failures but also provides a resilient platform to meet the performance expectations of our users.