Pass employs several system configurations, network protections, and data minimization practices to ensure your students' data remains secure:
- Data Minimization: If your school utilizes third-party rostering providers like ClassLink or Clever, the system only collects essential student data. This is strictly limited to the student's first name, last name, email address, role, graduation year, and ID number.
- Network Protections: The application is shielded by a Web Application Firewall (WAF) to protect against unusual network traffic and bots. Additionally, any automated data uploads from your school to the Pass servers are encrypted and transmitted via Secure File Transfer Protocol (SFTP).
- Authentication Security: Because security is highly prioritized, any user creating a manual login is required to use a valid email address and validate it. The system also integrates securely with leading Single Sign-On (SSO) providers, including Google, Microsoft O365, Clever, and ClassLink.
- Automatic Session Timeouts: To protect the system against misuse and sessions left open on abandoned computers, any user logged in via a web browser is automatically logged out every night at midnight in their local time zone.
- Strict PIN Protections: Adults are required to use complex 4-6 character PINs to interact with passes. Staff are explicitly instructed to take physical possession of a student's device when entering their PIN to keep it hidden. To prevent tampering, if a student attempts to guess an adult's PIN and fails five times, they are instantly logged out; after ten failed attempts, their account is securely locked for four hours.