Edulog Security Compliance

Security & Compliance

The security of our products is one of the highest priorities at Education Logistics. We are always working to enhance our security measures.

APPLICATION SECURITY

Learn about how we continually improve the security of products. 

SECURITY ADVISORIES

See any current important security-related product information.

BUG REPORTING

Help support our security practices by disclosing a vulnerability.

Continuous Security Commitment

Security Awareness Training

Our team members are required to go through employee security awareness training covering industry standard practices and information security topics such as phishing and password management.

Roles and Responsibilities

Roles and responsibilities related to our information security program and the protection of our customer’s data are well defined and documented.

Information Security Program

We have an information security program in place that is communicated throughout the organization. Our information security program follows the criteria set forth by industry standards such as SOC 2.

Continuous Monitoring

We continuously monitor our security and compliance status to ensure there are no lapses.

 

Application Security

Edulog's cloud environments are backed by AWS’ security measures.

Customer data is encrypted both in transit and at rest with FIPS 140-2 validated cryptography.

User access controls include SSO for enhanced control and logging.

Code is scanned pre-deployment using SAST tools to guard against vulnerabilities.

Edulog undergoes regular and routine security review by third parties.

Security Advisories

On-Going

Implementing Solutions to Safeguard Sensitive Data

In January, we were alerted by one of our vendors, Karros Technologies, regarding a potential vulnerability in its email verification services. The vulnerability, discovered by a white-hat…Read more

Archive

How Teamwork Keeps Our Data Safer

In September, we were alerted by an exposure management company regarding a potential vulnerability relating to the configuration of an endpoint in Parent Portal.  We immediately investigated…Read more

Log4J (2021/2022) Exploits and Review

Edulog has continued to investigate the Log4J vulnerability since Friday, December 10. Currently we have reviewed the following vulnerabilities

Read more

Bug Reporting

HOW TO REPORT SECURITY VULNERABILITIES

Edulog appreciates and values our clients and partners as well as the security research community, who cooperate with us to proactively and responsibly disclose security vulnerabilities so patches can be made available. If you discover a vulnerability, please report it by sending an email to security@edulog.com. All emails to this address are promptly reviewed by members of Edulog’s security team.

GUIDELINES FOR REPORTING

For the protection of our customers and our own systems and infrastructure, Edulog does not disclose or discuss security issues until our internal research is complete and any necessary patches are available. We ask that all who report comply with the following guidelines when reporting a vulnerability:

  • Allow Edulog an opportunity to address a vulnerability within a reasonable time period
  • Do not publicly share information about the vulnerability prior to updates being available
  • Make a good faith effort to avoid privacy violations and destruction, interruption, or segregation of Edulog services or applications
  • Do not freely exploit, modify, or destroy data that does not belong to you.

Edulog’s application security team is responsible for triaging and managing product related vulnerability reports, which includes confirming the vulnerability, assigning risk and impact, working with our engineering teams on a fix, testing and releasing the fix, and communicating to clients. We are committed to working with those who report issues via these guidelines, and we aim to quickly resolve any issues.