
Our Commitment to Security
At ASSISTments, security is at the core of everything we do. We are committed to protecting customer data, ensuring system integrity, and maintaining the highest standards of security, compliance, and privacy. Our policies and procedures align with SOC 2 Trust Service Criteria (Security, Availability, Processing Integrity, Confidentiality, and Privacy) and best practices from frameworks like NIST and ISO 27001 to provide a secure and reliable environment for our users.
All policies are reviewed and approved by senior leadership on an annual basis. Every employee receives mandatory security training upon hire and annually thereafter, ensuring company-wide awareness and accountability.
We undergo regular independent audits to validate our commitment.



Access Control
Role-based access, least privilege, and multi-factor authentication are required for all sensitive systems. Access is reviewed regularly and removed promptly when no longer needed.
Incident Response
We follow a formal, tiered incident response plan that covers identification, containment, communication, and remediation. All high and critical incidents include root cause analysis and stakeholder reporting.
Data Management
Data is classified by sensitivity and handled accordingly. Customer data is encrypted at rest and in transit, and securely deleted upon contract termination or request.
Secure Development
Security is embedded into our software development lifecycle (SDLC). All code is peer-reviewed, vulnerability-scanned, and tested prior to deployment.
Vendor Risk Management
All third-party vendors are vetted for security, compliance, and data handling standards. We require contractual commitments to data protection and conduct ongoing monitoring of critical providers.
Cryptography Standards
We follow NIST-recommended standards for encryption and key management. All sensitive data is encrypted using AES-256 and transmitted over TLS 1.2+.
Physical and Endpoint Security
Devices are centrally managed and protected with disk encryption and antivirus software. Physical access to our offices and systems is restricted and logged.
Monitoring & Threat Detection
Our systems are monitored continuously using tools like Datadog and CloudWatch for performance, availability, and anomalies. We use Dependabot and internal scanners to identify and address vulnerabilities in real time, and we perform annual penetration tests on our production environment.
Availability & Uptime
ASSISTments maintains high availability through AWS-backed infrastructure, automated scaling, and disaster recovery protocols. We perform daily encrypted backups, retain data according to customer agreements, and conduct annual recovery testing as part of our Business Continuity Plan.
Data Privacy
We follow applicable privacy regulations, including COPPA and FERPA, for educational data. Data subject requests for access, correction, or deletion are honored in accordance with regulatory obligations.
We continuously evaluate and update our security policies in response to emerging threats, business needs, and regulatory requirements.
Contact us to request security documentation or our SOC 2 Type II report.
FAQs
How does ASSISTments protect my data?
We use encryption in transit and at rest, access controls, continuous monitoring, and regular security reviews to safeguard all personal and institutional data. Data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher.
Where is my data stored?
Your data is stored in secure, U.S.-based data centers operated by reputable cloud providers that meet strict compliance standards.
Who can access my data?
Only authorized ASSISTments personnel with a legitimate business need can access your data, and all access is logged and monitored.
How long do you keep my data?
We retain data only as long as necessary to provide our services and meet legal or contractual obligations. You may request data deletion in line with our retention policy.
How do you handle incidents or breaches?
We have an established incident response plan that includes rapid investigation, containment, and notification to affected parties in compliance with legal requirements.
Does ASSISTments share my data with third parties?
Only authorized ASSISTments personnel with a legitimate business need can access your data, and all access is logged and monitored. We do not sell your data. We share data only with vetted service providers necessary to operate our platform, under strict contractual and confidentiality obligations.

Got Other Questions?
For questions about our security practices or to report a concern, email us at contact@assistments.org
