Infinite Campus is dedicated to protecting the confidentiality, integrity, and availability of all its systems and data. As part of this mission, we utilize a thorough information security plan (ISP) that is regularly reviewed and updated based on emerging security threats and developments. This plan ensures Infinite Campus implements and maintains the appropriate safeguards to protect the confidential data of our customers, users, and employees.
The ISP applies to all Infinite Campus employees, interns, and contract workers, and covers all data systems, whether for internal company use or customer sites.
Information Security Best Practices
As part of our ongoing commitment to safeguarding the confidentiality, integrity, and availability of our systems and data, Infinite Campus uses a wide range of security best practices to protect all our sites and sensitive user information.
Included among these best practices:
An in-house team of professionals dedicated to information security.
Multifactor Authentication (MFA) is required for remote access to our sites and systems.
Endpoint protection software is used across servers and workstations to detect potentially malicious activity.
Reputational IP blocklists and DNS filtering prevent communication with malicious actors, and intrusion prevention systems are deployed to block bad actors and alert our Security Operations team.
Servers and logs are monitored, and all assets connected to our network are routinely scanned for vulnerabilities.
We regularly assess Infinite Campus' security posture and identify potential improvements.
All district databases are backed up daily, and the backup snapshot is maintained for 30 days, or as otherwise contractually required.
All customer data is hosted in secure U.S.-based data centers, and each SIS site uses a separate database from other customers.
SIS Users and Permissions
The Infinite Campus SIS allows customers to assign users rights to specific tools, which enables administrators to decide who can manage the product, update school records, and view student data.
Customers are responsible for managing accounts for students, parents, and staff. Infinite Campus provides resources to help secure those accounts, including Multifactor Authentication (MFA), CAPTCHAS, and breached password detection, among other features.
Vendors and Partners
Infinite Campus carefully evaluates its vendors and partners before entering into any agreements. This includes a robust assessment to validate their security controls.
All new technology is vetted internally, with input from both SecOps and our executive leadership. Before deploying it to our customers, we apply security measures to all new hardware and software.
Compliance
Infinite Campus complies with all relevant local, state, and federal laws and regulations. This includes adherence to the Family Educational Rights & Privacy Act (FERPA).
Additionally, Infinite Campus undergoes annual System & Organization Control (SOC) audits. After a customer has signed a Non-Disclosure Agreement, a detailed SOC2 report can be provided.
Vulnerability Reporting
Infinite Campus is committed to safeguarding our customers’ data. We believe that collaboration with individuals identifying any potential security concerns is essential for achieving our security objectives. If you identify a potential security vulnerability in one of our products or websites, we encourage you to report it to us at psirt@infinitecampus.com. If you would like to encrypt the communication, please contact us and we will supply a secure submission method. We appreciate your help in keeping educational data safe.