How does ESGI keep my data safe?
ESGI utilizes some of the most advanced technology for Internet security commercially available today.
• ESGI requires users to create a unique user name and password that must be entered each time a user logs on.
• ESGI also supports a secure SSO via Clever and Classlink for districts that have these products and want to simplify log in.
• When a user accesses secured areas of our site, Secure Sockets Layer (SSL) technology protects user information using both server authentication and data encryption, ensuring that user data is safe, secure, and available only to authorized persons
• Passwords and credit card information are always sent over secure, encrypted SSL connections. We are PCI-DSS compliant when managing payments.
• ESGI implements human, organizational, and technological security controls to protect its information assets from unauthorized access, leakage, modification, theft/loss, denial of service attacks, or any other threat.
• Our data center is located in a SOC 1, Type II audited facility
• Our data center is located in a facility that has achieved ISO 27001 certification
• Data center staffed and surveyed 24/7
• Digital surveillance equipment monitors the data center
• Environmental controls for temperature, humidity and smoke/fire detection
• Fully redundant web servers
• Multiple independent connections to our data centers
• Uptime monitored constantly, with escalation to ESGI staff for any downtime
• Firewall restricts access to all ports except 80 (http) and 443 (https)
• Security Sockets Layer (SSL) encryption across load balancers
• Backups occur every 10 minutes internally to a secure/ encrypted centralized backup system for offsite storage
• Backups are encrypted
• Data is stored on a redundant disk array
• Access controls to sensitive data in our databases and systems are set on a need-to-know basis
• We maintain and monitor audit logs on our services and systems
• We maintain internal information security policies following ISO 27001/27002 standards
• We maintain and follow PCI security regulations
• Our engineers use best practices and industry-standard secure coding guidelines to ensure secure coding