Information security
Keeping your information secure
At Sprintax TDS we understand how important the protection of personal and institutional information is in this digital age.
Information security is at every level of the SaaS we provide: application architecture, coding standards, encryption in transit and at rest, segregation, intrusion prevention and detection, authentication, roles and privileges, application log.
We conduct regular third party security audits that go beyond the OWASP Top 10.
As part of the larger global group, our approach to information security is governed by the ISO 27001 Information Security Management System. This certification demonstrates our capability of delivering the highest standards of information security management and is an internationally recognized standard.
Amazon Web Services (AWS) & Cloud security
Sprintax TDS is hosted on Virtual Private Cloud leased from Amazon Web Services (AWS). AWS is the current global leader among cloud computing providers. In addition to the physical infrastructure supporting the 24×365 availability of Sprintax TDS, they also manage the physical security layer of your information.
AWS provides numerous tools for monitoring and logging that further help ensure the confidentiality, integrity and availability of data.
While AWS is a global organization – all data in Sprintax TDS is collected, processed and stored in physical and virtual infrastructure that is 100% based on CONUS soil. That is also true for backup and DR locations.
Primary and back up data centers are predominantly based in the continental US, but as a global organization, we also leverage AWS data centers in Europe as required.
Multi-Factor Authentication (MFA)
Our product supports MFA on demand and is capable of integrating with the MFA tools that you may already be using in your organization.
For partners using their own Shibboleth Identity Provider with enabled MFA – TDS will inherit their preferred method.
Institutions using our Shibboleth Identity Provider can benefit from MFA using Google Authenticator. This popular application installs on mobile devices, and works even when they are not connected to a network – much like a hardware token!
HECVAT, VPAT, and all other such documents
HECVAT (Higher Education Community Vendor Assessment Tool) is a security assessment template, which ensures that cloud services are appropriately assessed for security and privacy needs, including those unique to higher education institutions.
A copy of our current HECVAT is available on request.
Voluntary Product Accessibility Template (VPAT) is also available by request.