Actively Protecting Student Information & School Data
Accessing school and student information via the Internet is a powerful feature but it comes with security concerns.
Data Segregation: Logical Separation of Customer Information
Data in the SchoolFront school management system (SMS) is segmented using multiple constructs, for example District, School, School Year, Role, and User. Your school would likely exist as a single-school district in the system.
All data returned (displayed) by the system for a given user is filtered on at least one, if not all of, the following unique segmentations: DistrictID, SchoolID, YearID, RoleID, UserID. The following is true of security and data segmentation in the SMS):
Only people with a username and password can access ANY information in the SchoolFront (SMS).
All users only have access to the district in which their user record was created.
When a customer first begins licensing SchoolFront, the SchoolFront team enables access for only the district’s designated system administrator(s)—i.e. those with the highest level of system clearance.
Only system administrator(s) can grant system access to others in the district. SchoolFront personnel refer all others requesting system or information access for a given district to the system administrator(s) of that district. This includes access requests from other district/school staff members, parents/guardians, students, etc.
All users only have access to the school(s) and school year(s) in the district to which they have been granted access by the system administrator(s).
Roles can be added and removed from users by system administrators. A user can have multiple roles in the system and can toggle between the roles without logging out and into the system.
All users only have access to the information and functionality granted by their role(s) in the system.
There are multiple school staff roles which grant variable levels of access to the staff user (e.g. teacher, administrator, discipline, health/medical, admissions, etc.)
The “family” role allows the user with the role to only view the information of the student(s) linked to the user as “children” (i.e. parents/guardians can only see the information of their child or children in the system).
The “student” role allows the user with the role to only view his/her own information.
Student & School Privacy & Data Integrity
The privacy of SchoolFront users and the integrity of school data are of the utmost importance to us at SchoolFront. For security reasons only an appointed member of a school's administrative staff can grant anyone access to SchoolFront or the information within.
This means that even members of the Support Team Staff at SchoolFront are not permitted to grant anyone access to the system.
Therefore if users experience any difficulty accessing or using SchoolFront, or if someone would like another member of a student's family to be given access to the system, they must go through an appointed gatekeeper at the school.
Initial administrators are added by the SchoolFront Support Team. All future user management is completed by the school. Authentication settings included session length, password strength and the ability to disable a user’s access to SchoolFront.
Data is encrypted in motion using SSL. Certain data is encrypted at rest including user data. All off-site backups are encrypted.
Physical Security & System Monitoring
FrontEdge Inc. employs data protection and security best practices in the maintenance of the SchoolFront system. Many schools and districts do not have the security resources required to monitor and deploy a secure solution the way FrontEdge Inc. does.
SAS70 Compliant Data Center & 24 x 7 System Monitoring
FrontEdge Inc. houses the SchoolFront hardware in an SAS70 compliant data center where the system is protected via secure network hardware and 24 x 7 monitoring, which prevents intrusions.
Click on an item on the left for more information.
Access to the data center is restricted only to authorized personnel. Onsite data center security personnel monitor all perimeter doors, security alarms, and digital surveillance video cameras which capture and record entry and exit activity.
Authorized members of the SchoolFront Support Team have direct access into the facility 24 hours a day, 365 days a year.
The data center provides continuous power with power protection provided through multiple un-interruptible power supplies and battery backup to ensure a clean and stable supply of power. Emergency diesel power generators are automatically activated in the event of a power disruption.
The data center is equipped with redundant, independent cooling units designed to keep all customer equipment operating at optimum efficiency. Temperature and humidity are electronically controlled using sensitive moisture sensors.
Data center fire detection and suppression is handled via systems on the floor and ceiling, which are monitored by a multi-zone smoke and fire detection system.
SchoolFront hardware is stored in secured cage cabinets housed on an 18-inch raised floor to accommodate cabling and cooling.
Category 5e & 6 and/or optical fiber cabling with Gigabit Ethernet capabilities are used in the data center. Cables are routed under the raised floor in protective cable trays to ensure a traceable, secure cable route.