Secure by Design

Security First, Always

Your data security matters. SchoolBench Pro is built with strong security controls and holds the compliance certifications your school needs to protect student and staff information.

FERPA Compliant

GDPR Ready

SOC 2 Type II

ISO 27001

Infrastructure Security

Multiple layers of security protect your data at every level

Data Encryption

  • 256-bit SSL encryption in transit
  • AES-256 encryption at rest
  • End-to-end encryption for sensitive data

Network Security

  • Web Application Firewall (WAF)
  • DDoS protection
  • Intrusion detection systems

Access Control

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • Single Sign-On (SSO) support

Data Centers

  • SOC 2 certified facilities
  • 24/7 physical security
  • Redundant power and cooling

24/7 Monitoring

  • Real-time threat detection
  • Security incident response team
  • Automated security scans

Backup & Recovery

  • Daily automated backups
  • Geo-redundant storage
  • Point-in-time recovery

Compliance & Certifications

Meeting and exceeding industry standards for education data protection

FERPA Compliance

SchoolBench Pro is fully compliant with the Family Educational Rights and Privacy Act (FERPA), ensuring the privacy and security of student education records.

  • Strict access controls for student records
  • Parent and eligible student access rights
  • Annual privacy rights notifications
  • Full audit trails for all record access

GDPR Ready

We comply with the General Data Protection Regulation (GDPR) for our European users, giving individuals clear rights over their data and how it is used.

  • Right to access and data portability
  • Right to rectification and erasure
  • Privacy by design and default
  • Data Protection Officer (DPO) appointed

SOC 2 Type II Certified

Our SOC 2 Type II certification demonstrates our commitment to security, availability, processing integrity, confidentiality, and privacy.

  • Annual independent audits
  • Continuous monitoring and improvement
  • Strong security controls across all five trust categories
  • Report available upon request

ISO 27001 Certified

Our ISO 27001 certification validates that our Information Security Management System (ISMS) meets internationally recognized standards.

  • Risk-based approach to security
  • Continuous improvement processes
  • Annual third-party audits
  • Documented security policies and procedures

Advanced Security Architecture

Multiple layers of protection for your school's data

Multi-Tenant Data Isolation

Our platform uses row-level security with complete data isolation between tenants (schools/districts), ensuring no cross-tenant data access.

  • Database-level tenant isolation
  • Automatic tenant context enforcement
  • Separate storage containers per tenant
  • Independent backup and recovery

Role-Based Access Control (RBAC)

Granular permission system with 100+ permission actions across all modules, ensuring users only access what they need.

Permission Categories

  • Student Management (view, create, update, delete)
  • Academic Records (grades, attendance, transcripts)
  • Financial Operations (fees, payments, invoicing)
  • Staff & HR Management (personnel, payroll)

Key Features

  • Pre-defined roles (Admin, Teacher, Parent, Student)
  • Custom role creation with granular permissions
  • Permission inheritance and hierarchies
  • Real-time permission updates

Multi-Factor Authentication (2FA/TOTP)

Enhanced security with time-based one-time passwords (TOTP) and backup recovery codes to protect accounts from unauthorized access.

Authenticator Apps

Support for Google Authenticator, Microsoft Authenticator, Authy, and other TOTP apps

Recovery Codes

10 single-use backup codes generated during 2FA setup for account recovery

Enforcement Policies

Administrators can enforce 2FA for specific roles or all users

Single Sign-On (SSO) & SAML 2.0

SSO integration with SAML 2.0 support, so users can sign in with their existing institutional credentials without managing a separate password.

Supported Identity Providers

  • Microsoft Azure Active Directory / Entra ID
  • Google Workspace (formerly G Suite)
  • Okta
  • OneLogin, Auth0, and other SAML 2.0 providers

SSO Benefits

  • Single login for all applications
  • Centralized access management
  • Automatic user provisioning/deprovisioning
  • Reduced password fatigue

Strong Encryption

Your data is encrypted both when stored and when moving between services, using the same protocols trusted by banks and governments.

Data at Rest

  • AES-256 encryption for all stored data
  • Encrypted database backups
  • Secure file storage with encryption
  • Hardware Security Module (HSM) key management

Data in Transit

  • TLS 1.3 for all connections
  • Perfect Forward Secrecy (PFS)
  • HTTPS enforced across all services
  • API request/response encryption

Full Audit Logging

Every action in the system is logged with a tamper-proof record, so you always know who did what and when.

  • User authentication events
  • Data access and modifications
  • Permission changes
  • API requests and responses
  • Export and data downloads
  • Administrative actions

Retention

Audit logs are retained for 7 years in immutable storage with a searchable interface.

Backup & Disaster Recovery

Automated daily backups with tested disaster recovery procedures so your school's data is safe if something goes wrong.

Backup Strategy

  • Automated daily backups at 2 AM UTC
  • 30-day backup retention (Essential/Professional)
  • 90-day backup retention (Enterprise)
  • Geo-redundant backup storage

Recovery Objectives

RPO (Recovery Point Objective) < 24h

Maximum data loss in disaster scenario

RTO (Recovery Time Objective) < 4h

Time to restore full service availability

Security Testing & Validation

We test our security regularly so problems are caught before they affect you

Penetration Testing

Quarterly third-party penetration testing by certified ethical hackers to identify and remediate vulnerabilities.

  • OWASP Top 10 coverage
  • API security testing
  • Network infrastructure testing

Vulnerability Scanning

Continuous automated vulnerability scanning of infrastructure, applications, and dependencies with immediate remediation.

  • Daily automated scans
  • Dependency vulnerability checks
  • Critical issues patched within 24h

Secure Code Analysis

Static and dynamic code analysis integrated into our CI/CD pipeline to catch security issues before production.

  • SAST/DAST tools
  • Mandatory security code reviews
  • Pre-deployment security gates

Security Best Practices

How we keep your data safe, from development through to day-to-day operations

Secure Development

  • Security-First Development

    Security considerations at every stage of development

  • Code Reviews

    All code reviewed by security experts before deployment

  • Vulnerability Scanning

    Automated and manual penetration testing

Operational Security

  • Employee Training

    Regular security awareness training for all staff

  • Access Management

    Principle of least privilege for all systems

  • Incident Response

    24/7 incident response team and procedures

Your Trust is Our Priority

Have questions about our security practices? Our security team is here to help.


Security Whitepaper

Download our full security documentation


Compliance Reports

Request access to our compliance certifications


Security Updates

Subscribe to security updates and announcements
