Security Whitepaper

NuXight operates the services offered on NuXight.com (the "NuXight Website"), including the NuXight platform (the "NuXight Platform"), and any associated mobile applications (the "NuXight Apps") or products and services that Company may provide now or in the future (collectively, the "Service").
Protecting data privacy and security is a top priority for NuXight. Our Privacy Policy solidifies the commitments that NuXight and schools make to each other, including our security and privacy commitments. We regularly evaluate our policies and practices to improve security and to keep up with the latest practices of the security industry.
Should you have security or privacy questions, please reach out to our team at privacy@NuXight.com.




Infrastructure Security


Encryption at Rest and In Transit

NuXight stores its data within an AWS region that is FedRAMP compliant.

Access to the NuXight Service occurs using encrypted connections (HTTP over TLS, also known as HTTPS), which encrypt all data before it leaves the NuXight Service's servers and protect that data as it transits over the internet. All of our Services are in Amazon Web Services (AWS) and served from Elastic Load Balancer (ELB). We use HTTP Strict Transport Security to ensure that pages are loaded over HTTPS.
Student Data is stored at our Service Provider, AWS, and the following applies to their technical and organizational measures. In addition, we secure decentralized data processing equipment and personal computers.

Network Security

The AWS cloud infrastructure has been designed and managed in compliance with regulations, standards, and best practices, including HIPAA, SOC 1/SSAE 16/ISAE 3402 (formerly SAS70), SOC 2, SOC 3, PCI DSS Level 1, ISO 27001, FedRAMP, DIACAP and FISMA, ITAR, FIPS 140-2, CSA, and MPAA. Network access to the NuXight Services infrastructure is highly restricted. AWS hosted infrastructure resides in a dedicated Virtual Private Cloud (VPC) which is designed to ensure that only authorized traffic over approved ports is allowed. Learn more about Amazon’s security policies here

Backups and Availability Control

We have adapted a data backup and recovery capability that is designed to provide a timely restoration of the NuXight Services, with minimal data loss, in the case of catastrophic failure. These backups are encrypted and stored in multiple availability zones. Additional technical and organizational measures to ensure that Student Data are protected against accidental destruction or loss (physical/logical) include:

  • Uninterruptible power supply (UPS);
  • Remote storage; and
  • Firewall systems.

Note: Student Data is stored at AWS - and the above applies to their technical and organizational measures such as MongoDB. In addition, we have a disaster recovery plan in place.

Physical Security


Physical Access Controls


Security measures to prevent unauthorized persons from gaining access to the data processing systems available in premises and facilities (including databases, application servers and related hardware), where Student Data are Processed*, include:

  • Establishing security areas, restriction of access paths;
  • Establishing access authorizations for employees and third parties;
  • Access control system (ID reader, magnetic card, chip card);
  • Key management, card-keys procedures;
  • Door locking (electric door openers etc.); and
  • Surveillance facilities, video/CCTV monitor, alarm system.

Note: The NuXight Services and Student Data are currently hosted in AWS, which employs industry-leading physical security measures to protect their data centers and the above applies to their technical and organizational measures. These security features are regularly audited by third-party auditors. You can learn more about AWS' physical security here.

Access Control

Security measures to prevent data processing systems used for Student Data from being used by unauthorized persons include:

  • User identification and authentication procedures;
  • ID/password security procedures (special characters, minimum length, change of password); and
  • Encryption of archived data media.

Disclosure Control

Security measures to ensure that Student Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage on storage media (manual or electronic), and that it can be verified to which companies or other legal entities Student Data are disclosed, include:

  • Encryption/tunneling;
  • Logging; and
  • Transport security.

Entry Control

Security measures to monitor whether Student Data have been entered, changed or removed (deleted), and by whom, from data processing systems, include:

  • Logging and reporting systems; and
  • Audit trails and documentation.