Studybugs provides a service to the general public and to schools, that lets people report when they or their children are sick, and helps schools manage attendance. As part of the service it’s necessary that we handle personal data and we go to great lengths to keep that data safe and secure at all times. This document details some of the security measures we take and policies we have in place.
We couldn’t run Studybugs without inspiring trust in our handling of users’ private data. We work hard to earn the trust of our users and our commitment to user privacy directs the decisions we make each day. Trust is the responsibility of each and every employee and one we take seriously.
Studybugs’s physical infrastructure is hosted and managed by Amazon in the Republic of Ireland.
Amazon has many years’ experience in designing, constructing and operating large-scale high-security data centres. Amazon data centres are housed in deliberately nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilising video surveillance, state of the art intrusion detection systems, and other electronic means. Authorised staff must pass two-factor authentication no fewer than three times to access data centre floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorised staff.
Amazon only provides data centre access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon. All physical and electronic access to data centres by Amazon employees is logged and audited routinely.
Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data centre operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
For additional information see: https://aws.amazon.com/security
Firewalls are utilised to restrict access to systems from external networks and between systems internally. By default all access is denied and only explicitly allowed ports and protocols are allowed based on business need. Each system is assigned to a firewall security group based on the system’s function. Security groups restrict access to only the ports and protocols required for a system’s specific function to mitigate risk.
Our infrastructure provides DDoS mitigation techniques including TCP Syn cookies and connection rate limiting in addition to maintaining multiple backbone connections and internal bandwidth capacity that exceeds the Internet carrier supplied bandwidth.
Managed firewalls prevent IP, MAC, and ARP spoofing on the network and between virtual hosts to ensure spoofing is not possible. Packet sniffing is prevented by infrastructure including the hypervisor which will not deliver traffic to an interface which it is not addressed to.
Port scanning is prohibited and every reported instance is investigated by our infrastructure provider. When port scans are detected, they are stopped and access is blocked.
Communications with our servers over the public internet are encrypted. Studybugs’s web site uses HTTPS by default and any attempt to access it over an unencrypted connection is redirected to HTTPS. Studybugs’s mobile apps also communicate with our servers using encrypted connections.
The majority of communication with our database servers takes place entirely behind our security firewall. Where remote connections to the database servers are established, they are always encrypted using SSL.
All access to user accounts on Studybugs requires password authentication. Staff users may only be granted school account access by a designated school staff member with administrative access permissions. Should a member of staff leave the school, their access to Studybugs can be revoked immediately in a similar way.
User passwords are hashed before storing using a random salt specific to each password. This is a one-way process and the original passwords are discarded immediately. It is therefore not possible for anyone, even Studybugs support staff with database access, to view users’ passwords.
Software Quality Control
Studybugs’s server software is built using a strict “strongly typed” programming language called Scala, chosen with privacy in mind, which introduces a level of rigour and – with the help of some important design decisions – rules out many of the kinds of security failures that sometimes occur in other companies’ systems.
We run a comprehensive suite of automated tests on every updated version of the software before it’s released. This suite includes tests that verify our privacy notice is adhered to consistently. As we add new functionality, we also add new automated tests to verify continued compliance.
In addition to automated tests, we carry out extensive pre-release manual testing using a replica of the live server environment with test data.
All tests must be passed before a new software release is authorised.
Decommissioning hardware is managed by our infrastructure provider using a process designed to prevent data exposure. Our provider uses techniques outlined in DoD 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data.
Backup and Disaster Recovery
User and school data is backed up continually and automatically, on secure, access-controlled, high-durability storage across multiple data centres. Every change is written to write-ahead logs and in the unlikely event of unrecoverable hardware failure, these logs can be automatically 'replayed' to recover the database to within seconds of its last known state. In addition to these backup procedures, our infrastructure is designed to scale and be fault tolerant by automatic replacement of failed instances, reducing the likelihood of needing to restore from backup.
In the event of a major outage, for example affecting an entire data centre, our infrastructure platform is able to automatically restore servers and data, dynamically re-deploying them if necessary in a different data centre.
Although it’s not a legal requirement, it’s Studybugs’s policy that all our staff, regardless of what data they have access to, are – as is the case with school staff – DBS-checked to the highest permitted level.
Private user and school data is access-controlled and Studybugs staff members only have access as needed for support purposes or where required by law.