EduNav builds the procedures to create and then support the level of robust security posture. It involves the customer’s related environments as well as internal employees’ related.
EduNav designs its processes and procedures related to EduNav SmartPlan system to meet its objectives for its EduNav SmartPlan services provided to the customer. Those objectives are based on the service commitments that EduNav makes to user entities, the laws and regulations that govern the provision of EduNav SmartPlan system services, and the financial, operational, and compliance requirements that EduNav has established for the services. SmartPlan system services of EduNav are subject to the security and privacy requirements of the state privacy security laws and regulations in the jurisdictions in which EduNav operates.
EduNav’s security commitments to user entities are documented and communicated via EduNav Support Documents on FreshDesk portal, as well as in the description of the service offering provided online upon the customer’s request. Security commitments are standardized and include, but are not limited to, the following:
- Use of up to date and secure encryption technologies to protect customer data both at rest and in transit.
- Enforce the principle of least privilege to network and application access
- Logical separation of each customer’s data with a logical access separation to the environments based on roles with controlling access not only on environment level but also on services deployed for those environments.
- Robust Vulnerability Management in conjunction with Patch Management in place to protect customers from detected vulnerabilities.
- Formal Change Management process in place.
- Monitoring the incidents related to security and availability of services provided to the customer with defined and strict Incident Response procedure in place.
- Formal vendor security assessments to determine their trustworthiness.
- Implemented by EduNav Business Continuity and Disaster Recovery plans to ensure the high availability of the provided services.
- EduNav implemented data destruction and data retention procedure to ensure that no data is being stored or/and processed without valuable purpose for it.
EduNav establishes operational requirements that support the achievement of security commitments, relevant laws and regulations, and other system requirements. Such requirements are communicated in EduNav's system policies and procedures, system design documentation, contracts with customers and via a support portal created for customers.
Information security policies define an organization-wide approach to how systems and data is protected. These include policies around how the service is designed and developed, how the system is operated, how the internal business systems and networks are managed and how employees are hired and trained. In addition to these policies, standard operating procedures have been documented on how to carry out specific manual and automated processes required in the operation and development of the EduNav SmartPlan system.