Security & Privacy at FocalPoint: Protecting Your Information with Uncompromising Standards
At FocalPoint, safeguarding your data and maintaining your trust are our highest priorities. Our robust security practices, stringent compliance standards, and comprehensive certifications reinforce our unwavering commitment to protecting your sensitive information.
Certifications & Compliance
FocalPoint proudly adheres to globally recognized security and quality standards, including:
SOC 2 Type II Certified – Verified controls for data security, availability, processing integrity, confidentiality, and privacy.
CMMI Level 3 Certified – Demonstrated maturity and reliability in our software development and service processes.
ISO 9001 & ISO 27001 Certified – International standards for quality management and information security management.
FERPA & COPPA Compliance – Ensuring adherence to regulations protecting student privacy.
Signed Student Privacy Pledge – Reinforcing our commitment to safeguarding student data.
1EdTech Certified – Ensuring interoperability and seamless integration with educational technology platforms.
Governance & Security Principles
Our security framework is guided by foundational principles:
Principle of Least Privilege: Limiting access strictly to individuals with specific business needs.
Defense-in-Depth: Multi-layered security controls providing robust protection at every level.
Consistent Application: Uniformly enforced security policies across all operational areas.
Continuous Improvement: Regular reviews and enhancements to our security measures.
Data Protection
Data at Rest: All data stores, including Azure Storage, are encrypted. Highly sensitive data is additionally protected with row-level encryption, so it is already encrypted before it reaches storage.
Data in Transit: We use industry-standard TLS 1.2 or higher, together with HSTS, for secure data transmission, with Azure-managed TLS keys and certificates.
Secret Management
Encryption keys and application secrets are securely managed through Azure Key Vault (AKV) with Hardware Security Modules (HSMs), ensuring that sensitive materials remain inaccessible even to internal personnel.
Product Security
Penetration Testing: Annual, independent penetration tests are conducted on all aspects of our product and infrastructure. Comprehensive reports are available upon request.
Vulnerability Management: Integrated into our Secure Development Lifecycle (SDLC), our vulnerability management includes:
Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
Dynamic Application Security Testing (DAST)
Network and External Attack Surface Management (EASM)
Enterprise Security
Endpoint Protection: All corporate devices feature centralized mobile device management (MDM), anti-malware protection, disk encryption, mandatory software updates, and 24/7 security monitoring.
Vendor Risk Management: A comprehensive, risk-based evaluation of vendors is conducted, assessing inherent and residual risks and guiding secure vendor integrations.
Secure Remote Access: Remote access to our systems is safeguarded via Azure VPN, complemented by malware-blocking DNS solutions to protect employees and endpoints.
Security Training & Awareness
Our employees undergo rigorous security training during onboarding and annually thereafter, including live sessions, tailored educational modules, and regular threat briefings, ensuring a continuously security-conscious workforce.
Identity and Access Management
Utilizing Azure Active Directory, we implement robust identity and access controls, including phishing-resistant authentication (WebAuthn), role-based access management, and automated revocation processes.
Regulatory Compliance
We consistently evaluate and evolve our security practices in response to regulatory updates and emerging standards, ensuring continuous compliance and proactive risk management.
Trust FocalPoint for unparalleled security, privacy, and peace of mind.