Digital Measures takes security extremely seriously. A breach of your campus’s information would be catastrophic, and we take all measures necessary to ensure that doesn’t happen.
Security of Our Data Centers
In cases where it is in our best interest to work with a vendor, we have a strong preference for large, well-established vendors. Our data partners feature mature security processes and controls due to their vast resources and experience. This results in a higher level of care and concern for the safety and privacy of your information.
Read more information about our primary datacenter.
Digital Measures collects and stores data in partnership with Oracle. Oracle manages our technology, including our servers and networking equipment housed in two SAS 70/SSAE 16 certified locations. Both our primary and backup datacenters contain, among many other features, redundant Internet connections, power connections, cooling, and fire suppression systems. The data centers include strict access control procedures, including biometric hand scanners to gain access to the locked, caged server rooms where armed, trained security guards are on staff at all times, and security access logs.
Our contract with Oracle requires complete confidentiality of all data stored by us on behalf of our clients.
In addition, Oracle creates three sets of backups of all of our clients’ data every night. We then create another two sets of backups of all of our clients’ data every night. Finally, in case of a disaster at our primary datacenter, Digital Measures maintains a warm secondary datacenter that we can fail-over to within 20 minutes, with no data loss.
Security of Our Servers
Likewise we take the security of our servers very seriously. All servers are configured for high levels of redundancy, including power, network connections, and hard drives. Server builds are automated to ensure consistency across machines. All network equipment is configured for automatic failover. Data are not shared with other clients. Data are encrypted in transit and at rest. Intrusion detection systems, firewalls, hardened server environments, and more are used to protect our clients’ data.
Servers are continuously patched, and access is restricted to only secure connections from known machines, and strict passwords are enforced. Logs related to security are maintained in perpetuity. All hardware and operating systems are monitored and managed by Oracle Remote Operations Management. Digital Measures also maintains a redundant metrics and monitoring infrastructure that covers server hardware, operating systems, and application infrastructure, ensuring no single point of failure. Automatic notifications of any problems are sent to our IT staff at all times. In addition, our core applications are checked by third party monitoring services, with call-outs to critical staff in the event of an outage or performance degradation.
Security of Activity Insight
Activity Insight includes many core protections that are continually monitored and upgraded to protect your data from potential hackers such as an extensive permissions checking framework, at multiple levels, to validate a user's authorization and access. Additionally, standards-based encryption and digital signatures are used appropriately to ensure the confidentiality and integrity of data when handled by unprivileged users. Digital Measures conducts both internal and external security audits annually. All changes made by users to the data stored within Activity Insight are audited. For any change ever made in Activity Insight there is a log of who made the change, the day and the time the change was made, the old value prior to the change and the new value after the change. Session timeouts prevent someone from logging in, walking away from their computer, and someone else using their session. All deployments of new code are sent promoted through development, alpha, beta, and production environments where extensive automated tests are conducted, including unit and regression tests. Two continuous build and testing environments are maintained for the current software release and for the current development release. Automated processes are used for all deployments in all server environments to ensure reproducibility. All data moving to and from Activity Insight are sent over a secure SSL-encrypted connection. Best practices for writing secure software are followed, including checks for code injection, cross-site scripting, buffer overflows, and data validation.
Security at Digital Measures
We maintain full technology insurance coverage in the event we suffer a data breach and our clients’ data were exposed. Additionally, we train all our staff yearly for the latest in security updates and procedures. Your university owns all data stored within Activity Insight, and Digital Measures cannot sell, give away, disseminate in any fashion, give out statistics on, or meta-data about your data. You can download all of your data at any time and as often as you desire. This assures that you always have a full copy of all of your data. All data moving to and from our servers are sent over a secure SSL-encrypted connection. Digital Measures is also compliant with the Family Education Rights and Privacy Act (FERPA) and Section 508 of the Rehabilitation Act. All computers used by Digital Measures staff are secured using antivirus with automatically updated definition files, automatic backups, firewalls, and encrypted drives. Upon retiring any computer used by a Digital Measures staff member, the hard drive is shredded. Digital Measures maintains strict security breach notification procedures.