IT Security Policy

1. Introduction

This document provides a listing of all International Schoolings IT policies. International Schooling teachers, parents, students, and staff are expected to be aware of and comply with these policies.

1.1 Purpose

This document outlines the commitment of International Schooling to protect confidentiality, integrity, and availability of information and information resources. This document reflects International Schooling’s commitment to the security of information and information resources, in response to the many threats to information security and the significance of protecting the privacy of International Schooling content and the content of any third party acting on behalf of International Schooling.

1.2 Scope

This document applies to International Schooling, our Learning Platform, and all stakeholders including teachers, staff, students, parents, and other users who have access to International Schooling content and resources. The scope of the document applies to assets including but is not limited to data, computers, text, images, and/or software, whether stored on, hardware, or any other storage media. The standards and procedures laid down in the International Schooling’s IT Security Policies and Procedures concern all information systems as well as resources connecting to the network of International Schooling and its Learning Platform.

The International Schooling’s IT Security Policies and Procedures define the information security standards and procedures to ensure the integrity, confidentiality, and availability of all information systems as well as resources under the control of International Schooling.

1.3 Roles and Responsibilities

These are specific individuals or groups in the International Schooling System and their duties concerning International Schooling information security standards and procedures.

IT Department – With a prime objective of securing the overall computing infrastructure of International Schooling, the IT Department is accountable for quickly responding to recognize threats and risks to the data infrastructure, evaluate the level of risk, and take prompt action to mitigate risks deemed harmful and considerable to the integrity of International Schooling information system resources. The IT Department members inform the concerned department about any incident concerning their department’s resources. They are involved in the development and testing activities with regards to the delivery of products and services for the smooth operations of the educational environment. The IT Department is composed of the IT Head, IT Staffs, and some key members of the International Schooling security and network administration staff.

IT Head – IT Head has access to all IT Resources. IT Head is accountable for school-wide efforts pertaining to data and information system security, including the development of International Schooling data security policies, conciliation and assessment of site licenses for software related to security, training, synchronization of efforts to enhance data security controls, and distribution of security-related incidents and information, that might affect the accessibility, and reliability of International Schooling computing resources. The IT Head maintains and oversees all the communications among the IT Managers, IT Staffs, regularly updating them on any information security-related issues that must be addressed. IT Head is also in charge of providing IT planning, management, procurement, development, and implementation activities with regards to the delivery of information products and services for the smooth operations of the educational environment.

Product Manager – Responsible for the product planning and implementation on the International Schooling Learning Platform, by gathering requirements, defining the product life-cycle, and working closely with the department heads to ensure the product implemented has reached the satisfaction level of the users (students, teachers, parents, etc.). The Product Manager has access to all the production servers, databases, application code, testing servers, issue management tools, etc.

Solution Architect – Responsible for assisting developers with technical difficulties, while implementing new features. Solution Architects are also responsible for planning the technical implementation of the requirements. They ensure that the Learning Platform is upgraded with the latest technologies and secured from the latest security attacks.

Project Lead – Responsible for the complete implementation of a feature being delivered on the International Schooling Learning Platform. Project Lead has access to the testing and development servers and databases, application code, and issue management tools.

System Administrator (SA) – In certain circumstances, the SA might be accountable for the management of IT resources. In view of information security, their responsibilities may include:

Recommending the IT Head about security pitfalls
Ensuring that all users of International Schooling and Learning Platforms are aware of and abide by all International Schooling system security standards and policies
Ensuring that the resources meet the information security requirements, including the performance of constant risk planning and analysis in case of technology failure
Endorsing security awareness within International Schooling and its Learning Platform

Database Administrator (DA) – Database Administrator has access to the International Schooling databases. DA is accountable for the management of all database resources, backup, and recovery of databases in case of an attack on the system.

Business Analyst – Responsible for documenting the business requirements, processes of features within International Schooling. Business Analyst is also responsible for analyzing new trends in technology and suggesting new improvements in the Learning Platform.

Quality Analyst – Responsible for testing of the functionality and features of the Learning Platform and ensuring that all features implemented comply with the business requirements. Quality Analysts have access to the testing servers and databases, and the issue management tools.

Developer – Responsible for developing new features on the Learning Platform as per the business requirements. Developers have access to the testing and development servers and databases, application code, and issue management tools.

UI/UX Developer – Responsible for designing the User Interface of the Learning Platform as per the business requirements. UI/UX Developer has access to the testing and development servers and databases, application code, design tools, and issue management tools.

Non-Academic Staff– The International Schooling includes personnel that handles day to day operations on the International Schooling Learning Platform. This includes all department heads and employees of Administration, Human Resources, Marketing & Sales, Finance, Legal, IT, Public Relations departments. They are responsible for interacting with the students, teachers on the International Schooling platform.

2. International Schooling's IT Security Policies and Procedures

2.1 Responsible use of Information Technology Resources

2.1.1 Policy Statement

All International Schooling community members including students, teachers, parents and staff are responsible for maintaining the confidentiality, integrity, and availability of data created, received, stored, shared, or otherwise employed by the Learning Platform. Departments are responsible for implementing operational, and technical restrictions for access, use, sharing, and discarding of data in compliance with all International Schooling privacy and security policies, and guidelines. International Schooling expects its members, including but not limited to teachers, parents, staff, and students, to use all International Schooling information technology resources and responsibly.

2.1.1 Principles

Acceptable uses of International Schooling’s IT resources and data include:

Respecting system security mechanisms, and not taking measures designed to break these mechanisms.
Understanding and complying with the security policies, and guidelines of the International Schooling’s information technology and data.
Assisting in resolving a detected vulnerability, attack, or threat to the system.

Unacceptable uses of International Schooling’s IT resources and data include:

Unauthorized access or unauthorized use of International Schooling’s IT resources
Any activity that may disrupt another person’s use of information technology resources and data
Intentional installation of harmful software (spyware, viruses, malware, etc.)
Security breaches, intentional or unintentional, including negligent management of a server resulting in its unauthorized use or attack on the server.
Sharing of a password

2.2 Data Categorization Policy

2.2.1 Policy Statement

All data relating to International Schooling must be classified as either Confidential, Restricted, or Public. International Schooling managers and heads of departments are responsible for this categorization. Access to these data is given to all International School employees based on the categorizations.

2.2.2 Purpose of Policy

Data categorization depends on the accessibility and confidentiality level associated with it.

2.2.3 Principles

Confidential-This includes data which, if improperly disclosed, could have a significant impact on the reputation of International Schooling.

Personally, identifiable information is any information about a person that can be used to identify the identity of a person, such as a name, date, and place of birth, email, information about education, finance, and employment.
Financial data, including bank details, transaction proof, and receipts.
Employment records, including pay, contracts, and other staff records
Student records, related to student’s progress on the Learning Platform.
Account or system passwords that may provide access to systems or applications containing confidential data.

Restricted – This includes information that would not cause material harm, but has a moderate risk on International Schooling’s safety, or operations if improperly disclosed. Restricted data must be protected from unauthorized use, disclosure, modification, and destruction.

Data related to International Schooling’s operations, finances, or other activities of a sensitive nature not intended for public disclosure.
Information security data, system configuration documentation, infrastructure or network diagrams, and reports of incidents occurring at International Schooling.
Any other internal International Schooling data—the distribution of which is limited by intention or discretion of the author, owner, or administrator including business-related documents, application code.
The intellectual property of International Schooling

Public – This includes data that can be released to any person or organization inside or outside International Schooling, with minimal risk to the protection, finances, or operations of International Schooling.

Data on public International Schooling websites such as office email address, office phone number, office location, etc.
Data that is either published on the International Schooling website, publicly available or is not intellectual property.
News, blogs.

2.3 Incident Response Plan

2.3.1 Policy Statement

All issues occurring on the Learning Platform must be reported to the Information Technology (IT) Department as soon as possible regardless of magnitude.

2.3.2 Purpose of Policy

Issues on the Learning Platform can occur at any time and with varying severity. The systematic detection and resolution of issues is a crucial component of our organization. This policy outlines the reporting, reviewing, resolution of issues, and related corrective strategies. All incidents occurring must be reported immediately.

2.3.3 Purpose of Policy

Learning Platform issues must be reported, reviewed, and resolved with recommendations. All issues are monitored through issue management tools on the platform.

Reporting an Issue: There are many different types of issues that can be reported to the IT Department. Examples of issues include:

Issues on the Learning Platform that hinder students, parents, and teachers’ experience.
User accesses a system or application with credentials other than his/her own.
Access to a system, application, or document that was not authorized by the appropriate personnel
An information system is infected with virus, malware, or ransomware

Reviewing the Issue: Each reported issue must be reviewed by the IT Staff. Some of them include:

Issues on the Learning Platform that hinder students, parents, and teachers’ experience.
Unauthorized or suspicious activity on International Schooling network, including systems or applications
International Schooling data is lost, stolen, misdirected to, or otherwise shared with an unauthorized party.
A system on the International Schooling network is infected with malware.

Resolving the Issue: Once an issue has been reported and reviewed, the issue must be resolved to prevent further harm. By means of example, the following steps should be taken:

For Learning Platform issues, immediate efforts must be made by the IT Department to resolve the issue as soon as possible.
If a system has been infected on the International Schooling network it should be isolated but should remain on for further resolving.
Closing an issue indicates that the issue has been completely resolved. Accordingly, efforts should be made to prevent such issues from occurring again.

2.4 Communication Policy

2.4.1 Policy Statement

International Schooling uses multiple means of communication including emails, instant messaging, ticketing systems, etc. for its students, teacher, parents and staff for conducting general institution business on the Learning Platform. Official accounts have been provided to teachers, students, parents, and staff on our Learning Platform. It is the account holder’s responsibility to adhere to certain guidelines while communicating with other members of International Schooling. Any data received over any source of transfer (e.g. email, instant messaging, etc.) is subject to surveillance by the International Schooling’s staff.

2.4.2 Purpose of Policy

International Schooling is responsible to protect information created, received, stored, transferred on the International Schooling network, including that contained in emails.

2.4.3 Principles

Personally identifiable information such as teachers, students, parents or staff’s records must be treated with extreme care to avoid improper disclosure that could lead to a potential risk for International Schooling and its stakeholders. Any data received over any source of transfer (e.g. email, instant messaging, etc.) is subject to surveillance by the International Schooling’s staff.

Access to International Schooling’s accounts requires certain responsibilities for the account holder, including, but not limited to, the following:

Do not share your account password with anyone, including the IT Department (IT Department will never ask you for your password).
Do not use your account to harass others.
Do not spam people with emails
Do not send confidential data to any individual without proper authorization

2.5 Data Security

2.5.1 Policy Statement

All members of the International Schooling community including teachers, students, parents and staff are responsible for protecting the confidentiality, integrity, and availability of data created, received, stored, transferred, or otherwise used by the institution. International Schooling reserves the right to restrict the use of Information Technology (IT) Resources in order to preserve data security.

2.5.2 Purpose of Policy

Confidential information such as personal information, or student records must be treated with extreme care to avoid any unintentional or inappropriate disclosure that would put International Schooling and its stakeholders at risk.

2.5.3 Principles

Unauthorized or Inappropriate Data Transfer – Information such as student information, employee data, or financial documents are confidential and must be handled with extreme caution to prevent improper disclosure. Any data received over any communication source (e.g. email, messaging, etc.) is subject to surveillance by the administration of the International Schooling. Any deliberate or accidental data transfer to an outsider may result in the account being revoked for further review in compliance with the Incident Response Plan Policy. International Schooling tracks email and user messages on the International Schooling platform actively.

Access and Authorization to Manipulate Data – No data created, received, stored, transferred, or otherwise used by the institution is deleted from the Learning Platform. All students, teachers, staff’s data including but not limited to student records, teacher contracts, emails, files, etc. are archived after the user’s association with International Schooling ends. Record of students who have graduated or dropped out, or teachers who have terminated their contract with International Schooling, is archived a year after their association has ended. Archived data cannot be further manipulated by any user. The respective department heads have the right to access archived data and can approve which personnel gets access to that data.

Backup, Recovery, and Disposal of Data – Database administrators, and managers of information systems must have documented procedures to create a retrievable, exact copy of data and must test data and recovery of the system regularly; a minimum of once per year. Requirements for backup of database and systems include by are not limited to:

Databases and systems must be backed up (at least weekly) on a predefined, regular basis, using durable media that should include provisions for keeping a backup or a copy of a backup in off-site storage.
Backup media must be kept safe and protected from any unauthorized access.
Reasonable efforts must be made to keep backup media that stores data, password-protected, and is external to the backup system.
Managers and administrators of information systems or data must have documented procedures for restoring those systems or data.
Databases and systems must be disposed of in such a way as to ensure that data cannot be retrieved or recovered.

2.6 Privacy Policy

2.6.1 Policy Statement

International Schooling respects and understands the importance of online privacy and security and we have thus established a policy based on the Personal Data Protection Act 2012 (PDPA). This Privacy Policy discloses our information gathering, use and dissemination practices for our main website, www.internationalschooling.org, and any of the sub-sites associated with By using our Website, you agree to the terms of our Privacy Policy. The Privacy Policy is subject to change at any time at the sole discretion of International Schooling. To stay updated, users are requested to refer to the website.

2.6.2 Principles

Web Browser Information Use

International Schooling may use data your web browser passes on, such as your IP address, browser name and version, computer operating system, resources you are accessing and the last resource visited. These items are recorded in the server’s log file, as is common practice with all websites. The information gathered is often analyzed to better understand what our customers want and need from a technological perspective.
The information collected thus is classified as Non-Personally Identifiable Information, meaning the information gathered does not lead to your identification. Keeping this in mind, we reserve the right to utilize and share the same with third parties. Please note that wherever non-personally identifiable and personally identifiable information is combined, we will treat the combination as personally identifiable information for as long as it remains so combined.

Data Collection; Use And Disclosure

International Schooling websites contain areas that collect personally identifiable information which is supplied voluntarily by the users. Persons who supply International Schooling with their contact information online may receive direct mail, email, or telephone contact from us with information regarding special promotions, new product releases, upcoming events, and services that may be of interest to our customers. However, the information would be handled confidentially.
We reserve the right to share personally identifiable information with some service providers and our affiliated companies. They can make use of the information to process any transactions requested by the user. The service providers can include vendors, consultants, or companies that carry out marketing services for International Schooling. However, you may rest assured, as we urge our service providers to keep personally identifiable information safe and protected and to disclose or use it only for projects undertaken in the name of International Schooling, or as allowed by law.
International Schooling platform contains personally identifiable information that is preserved by and available to third parties – content partners, service providers, or vendors. These parties are given access to the least amount of information necessary to help them perform the tasks for which they are being engaged. These third parties have approved to preserve the confidentiality of the information and to make use of the information only for projects undertaken for International Schooling, or as permitted by law.
International Schooling contains ‘student educational records’. These records are protected by international Schooling in line with pertinent educational rights and PDPA.
We may release your personally identifiable information to a third party if we deem we are obligated to do so under the law of the land (incl. subpoenas and court orders); to implement our terms of use; to protect the safety, privacy, rights or property of International Schooling, our employees, affiliated schools or/and to authorize us to avail remedies or limit the indemnity that we might sustain.
In case all or majority International Schooling assets are transferred or sold to any other party, then all information, personally identifiable or not, might also be transferred to the acquiring party.

Transfer Of Personal Information Outside Singapore

Certain third-party service providers might be operating outside Singapore. By providing information on International Schooling through the websites or otherwise, the user consents to transfer of both non-Personally Identifiable and Personally Identifiable Information to be used and processed in agreement with the terms specified in this Privacy Policy.

Discussion Threads And Message Boards

Discussion threads and/or message boards are available through LMS or any other education management system. These may also be part of Live Lesson sessions in the virtual classroom environment. The postings on the discussion threads and/or message boards, or the user’s presence on Live Lesson sessions can be read by anyone who is part of the same. Additionally, any information shared to a discussion thread and/or message boards, verbal or chat pod comment can be included in a Live Lesson session, and then it might be available and disclosed to all users of that specific discussion thread and/or message board, or live session. We do not assure the security of any information disclosed by the user on the aforementioned public forums. Therefore, any postings by the user would be at their own risk.

Children Under 11

The online privacy and safety of children is a primary concern of International Schooling.
Children may not provide personally identifiable information without providing prior parental consent or parental notification, which will include an opportunity for the parent to prevent the use of information and participation in the activity. International Schooling never seeks any information from children below 11 years of age.
Children may not publicly post or otherwise distribute personally identifiable contact information without prior parental consent.
If any information is put out by fault, deception, or fraud, please inform International Schooling immediately by reaching out to us at [email protected].
Guardians of children under 11 years of age can ask for reviewing, editing, or prohibiting personally identifiable information about the child from being utilized by International Schooling by sending an application at [email protected].
Please note that in case a request is made to exclude information from being used by International Schooling, the child’s registration in International Schooling may not continue and this might also terminate his/her participation in the International Schooling program.

Links To Other Sites

Our websites may contain links to other sites. International Schooling is not responsible for the privacy practices or the content of such websites.

Opt-Out

International Schooling provides users with the opportunity to opt out of receiving future communications. Opt-out requests, to be effective, must be sent to [email protected]. We can also be reached at +65 3159 3949 for removal from all contact lists of International Schooling.

How To Contact Us

In case you should have any questions, comments, or concerns about this Website Privacy Policy or the information practices of this site, please contact us as follows:

International Schooling

111 Somerset Road, Level 13, TripleOne Somerset,

Singapore – 238164

Email: [email protected]

Phone: +65 3159 3949

Security

International Schooling takes sound steps to preserve user information. As efficient as the safety measures are, no security system is fully infallible; therefore, complete security of our systems or database is not guaranteed.

Web Browser Information Use

International Schooling may use data your web browser passes on, such as your IP address, browser name and version, computer operating system, resources you are accessing and the last resource visited. These items are recorded in the server’s log file, as is common practice with all websites. The information gathered is often analyzed to better understand what our customers want and need from a technological perspective.
The information collected thus is classified as Non-Personally Identifiable Information, meaning the information gathered does not lead to your identification. Keeping this in mind, we reserve the right to utilize and share the same with third parties. Please note that wherever non-personally identifiable and personally identifiable information is combined, we will treat the combination as personally identifiable information for as long as it remains so combined.

Data Collection; Use And Disclosure

International Schooling websites contain areas that collect personally identifiable information which is supplied voluntarily by the users. Persons who supply International Schooling with their contact information online may receive direct mail, email, or telephone contact from us with information regarding special promotions, new product releases, upcoming events, and services that may be of interest to our customers. However, the information would be handled confidentially.
We reserve the right to share personally identifiable information with some service providers and our affiliated companies. They can make use of the information to process any transactions requested by the user. The service providers can include vendors, consultants, or companies that carry out marketing services for International Schooling. However, you may rest assured, as we urge our service providers to keep personally identifiable information safe and protected and to disclose or use it only for projects undertaken in the name of International Schooling, or as allowed by law.
International Schooling platform contains personally identifiable information that is preserved by and available to third parties – content partners, service providers, or vendors. These parties are given access to the least amount of information necessary to help them perform the tasks for which they are being engaged. These third parties have approved to preserve the confidentiality of the information and to make use of the information only for projects undertaken for International Schooling, or as permitted by law.
International Schooling contains ‘student educational records’. These records are protected by international Schooling in line with pertinent educational rights and PDPA.
We may release your personally identifiable information to a third party if we deem we are obligated to do so under the law of the land (incl. subpoenas and court orders); to implement our terms of use; to protect the safety, privacy, rights or property of International Schooling, our employees, affiliated schools or/and to authorize us to avail remedies or limit the indemnity that we might sustain.
In case all or majority International Schooling assets are transferred or sold to any other party, then all information, personally identifiable or not, might also be transferred to the acquiring party.

Transfer Of Personal Information Outside Singapore

Discussion Threads And Message Boards

Children Under 11

The online privacy and safety of children is a primary concern of International Schooling.
Children may not provide personally identifiable information without providing prior parental consent or parental notification, which will include an opportunity for the parent to prevent the use of information and participation in the activity. International Schooling never seeks any information from children below 11 years of age.
Children may not publicly post or otherwise distribute personally identifiable contact information without prior parental consent.
If any information is put out by fault, deception, or fraud, please inform International Schooling immediately by reaching out to us at [email protected].
Guardians of children under 11 years of age can ask for reviewing, editing, or prohibiting personally identifiable information about the child from being utilized by International Schooling by sending an application at [email protected].
Please note that in case a request is made to exclude information from being used by International Schooling, the child’s registration in International Schooling may not continue and this might also terminate his/her participation in the International Schooling program.

Links To Other Sites

Our websites may contain links to other sites. International Schooling is not responsible for the privacy practices or the content of such websites.

Opt-Out

How To Contact Us

In case you should have any questions, comments, or concerns about this Website Privacy Policy or the information practices of this site, please contact us as follows:

International Schooling

111 Somerset Road, Level 13, TripleOne Somerset,

Singapore – 238164

Email: [email protected]

Phone: +65 3159 3949

Security

2.7 Terms of Use

Applicable To All Users

Acceptance Of Terms

By using our Learning Management System (“LMS”), you (hereinafter referred to as the “User” or “Users”) approve all terms, conditions, and notices specified or referenced in these Terms of Use (“Terms”). These Terms apply to your use of LMS and all information, materials, content, products, services, and software that are licensed or owned by International Schooling (“IS”) and available through, or, included in LMS (“International Schooling Content”) in addition to any content licensed or owned by a third-party content provider that is available through, or included in LMS with that Third party’s permission (“Third Party Content”) (International Schooling Content and Third Party Content collectively, “the Content”). If the User is a minor, it is the responsibility of his or her parent/guardian, to ensure that the User adheres to the Terms
Any Third Party Content uploaded or made available in any other way by a Third Party is the sole property of the Third Party or their licensors and remains the sole property of the same. By uploading or otherwise making available any Third Party Content, you automatically warrant and/or grant that the owner has granted International Schooling, the perpetual, sole and royalty-free, license and right to use, publish, replicate, present, transmit and distribute the Third Party Content through the medium into which you have uploaded the Third Party Content or authorized International Schooling to upload the Third Party Content. You also authorize any User of LMS with access to that medium, depending on your restrictions, to access, analyze, store, and reproduce the Third Party Content to the same scope as permitted here. To the scope provided for in the particular terms of the governing agreement between Third Party, Third Party Content, and International Schooling might be removed, hidden, changed, or customized by the Third Party, conditional on the terms and conditions laid down herein with regard to the use of LMS. International Schooling has the right to modify these Terms at any time, effective upon posting the restructured Terms on the LMS log-in page. The most recent version is always available by clicking the Terms of Use link found at the bottom of the LMS log-in page.

Permitted Use

LMS is to be used to access the education program licensed by or for the assistance of the User(s). International Schooling gives the User the sole, untransferable, limited license to visit, access, view, use, and print the Content, exclusively for the User’s individual personal non-commercial use, corresponding to such education programs, provided the User keeps all copyright and other proprietary notices intact. Use of the Content or other materials for any purpose not explicitly permitted in these Terms is proscribed.

Users should not:

Alter, obscure, or remove the Content in any manner except as advised in writing by International Schooling
Use LMS in any way that may harm, halt, impair, or overload any International Schooling server or the network (or networks) connected to any International Schooling server, or interfere with the use of LMS by any other party
Gain or make an effort to gain unauthorized access to any computer systems, accounts, or networks connected to any of the International Schooling servers through password mining, hacking, or any other means
Gain or attempt to gain any information or materials through any methods not purposely made available through LMS

The use of LMS in any way for the following purposes is strictly prohibited. In making use of LMS, you concur that you will not:

Send, receive, or show obscene, pornographic, sexually explicit material or any other material that is harmful to minors
Impersonate any entity or individual (by using their password or any other means), this includes any representative or employee of International Schooling
Copy and/or distribute content provided in LMS (this includes WebMail messages, postings on the Message Boards, or study material and answer keys) without the permission of the owner
Solicit or gather information about the Users and/or members of this site, particularly with the intent of transmitting, or facilitating distribution of, bulk or unsolicited email or other electronic communications
Use the communication services provided by the school in connection with surveys, schemes, contests, junk e-mail, chain letters, spamming, or any superfluous or duplicative messages (commercial or non-commercial)
Upload files that include viruses, worms, cancelbots, time bombs, Trojan horses, corrupted files, or other related programs or software that can damage the operation of any property or computer
Request or gather personal information (this includes name, phone number, and address) from any individual below eighteen years of age without confirmed parental consent
Display offensive or threatening material, this includes usage of swear words, insulting, vulgar, obscene or repugnant language
Display racist, biased, or discriminatory pictures or messages
Violate any pertinent laws
Disclose any other User’s or a minor’s personal information this includes- address, phone number, or related information to others without their approval or parental consent
Infringe any trademark, copyright, trade secret, patent, or any other intellectual property laws or use the intellectual property of any other entity or person without the permission of the owner—this includes sharing links to and including other trademarked or copyrighted material from third parties in LMS (this includes posting in WebMail messages or on the Message Boards) without consent as well as using any service marks, trademarks or their marks on any website or in social media without the permission of the owner
Intrude in the files, folders or work of other individuals
Endorse commercial activities except as specified in writing by International Schooling
Promote products or services or participate in political lobbying
Harass, defame, mistreat, insult, threaten, stalk, attack, or otherwise violate the legal rights (like publicity and privacy) of another individual or get in the way of another person’s work, including sending of unnecessary e-mails or WebMail messages

Each user would be assigned a user name and password (the “Log-in Information”) for accessing the LMS and the Content. Users are required to keep all Log-in Information strictly confidential, and the Log-in Information should only be used by the assigned User. Users are responsible for maintaining the confidentiality and security of all Log-in Information and for averting access to LMS and/or the Content by any unauthorized individual using the Log-in Information of any other User. Users are accountable for any and every activity that takes place through their account. Users must inform International Schooling instantaneously of any breach of security or unauthorized use of their account. Despite the aforementioned, some employees of International Schooling may be allowed to “log in as” someone else, after seeking approval from their supervisor and undertaking specific training.

Proprietary Rights

The User acknowledges and concurs that some of the information available in LMS is protected by different trademarks, service marks, patents, copyrights, trade secrets, or any other intellectual property rights and laws and should only be used as allowed by law and with the authorization of the owner. Except as explicitly authorized by International Schooling, Users can not sell, rent, license, copy, modify, distribute, transfer, edit, reproduce, adapt, openly display or publish, or create derived works from or otherwise utilize the Content or features in LMS in any medium or form. Users are fully accountable for their individual use and for making sure such use won’t violate the rights of International Schooling or the third parties. Over and above the possible legal action, any unpermitted use including plagiarism or reposting of International Schooling or third party intellectual property can bring about one or more of the following: termination of the right to use LMS, school-based disciplinary action, and/or expulsion from the school, the program of study or program offering.

Copyright Infringement

Content is owned or controlled by International Schooling or the third party attributed as the Content provider, and its contents should not be copied, circulated, reproduced, or customized in any way without the explicit written consent of International Schooling. If you have any copyright concerns about the material posted on LMS by anyone, please inform us. You can send a written notice (“Notice”) by getting in touch with our Designated Agent at [email protected].

To be helpful, the Notice must comprise of the following:

A signature of the owner (physical or electronic), or any individual approved to act on behalf of the owner (“Complaining Party”)
Details of the material that is supposedly being infringed on
Reasonably sufficient information to authorize International Schooling to contact the Complaining Party, like – address, phone number, and an electronic mail address, if available
Identification of the supposedly infringed material on LMS (“Infringing Material”), and reasonably sufficient information to authorize International Schooling to find the material on LMS
Identification of the copyrighted material that is allegedly been infringed upon (“Infringed Material”), or if several copyrighted works on LMS are mentioned in a single Notice, a list of each copyrighted work that is allegedly been infringed upon (please mention in detail that which Infringing Material is supposed to be infringing on which Infringed Material);
A declaration that the Complaining Party has a reason to believe that use of Infringing Material in the way complained of is not approved by the law, the copyright owner or its agent
A declaration that the information provided in the Notice is correct, and that the Complaining Party is the owner or is allowed to act on the owner’s behalf of the material that is allegedly infringed, under penalty of perjury

Trademarks

LMS contains trademarks and service marks of International Schooling and of the third parties. These marks can only be used in line with ‘International Schooling’ Trademark Usage Guidelines contained by the Website Terms of Use on the public website. For permission to make use of the International Schooling logo or name or any International Schooling marks outside of the Trademark Usage Guidelines, get in touch with [email protected]. Any use of International Schooling marks that don’t meet with the Trademark Usage Guidelines is strictly forbidden.

Links

LMS may include links to other websites or resources that are provided for the convenience of the Users. Unless stated otherwise, these linked sites are not under the control of International Schooling and International Schooling is not accountable for the content available on third party linked sites. International Schooling makes no warranties, representations, or any other commitments about any third party websites or third-party resources that might be accessible from, referenced to, or linked to LMS. A link to a website does not mean that International Schooling endorses the content on that website, the owner of the website, or the use of such websites. Additionally, International Schooling is not privy to or responsible for any dealings the User may get into with third parties, even though the User learns about such parties (or finds a link to such parties) through LMS. As a result, the User acknowledges and agrees that International Schooling is not accountable for the availability of such external resources or websites, except where explicitly contracted for, and is not accountable or liable for any content, products, services, or other materials available on or from those resources or websites.

Privacy

You concur that your use of LMS is also dependent on the Privacy Policy, which is part of these Terms.

Export Control

International Schooling controls and operates LMS from its headquarters in the United States and makes no declaration that the Content is available or suitable for use in other locations. If LMS is used from other locations, you are accountable for compliance with pertinent laws.

Warranty And Other Disclaimers

International Schooling is determined to ensuring the accuracy of all the information provided through and in LMS, conditional on the following limitations:

International Schooling would use rational efforts to keep the information up to date and to ensure the completeness or accuracy of material available through LMS. However, materials available through LMS cannot be guaranteed or promised to be current, correct, or complete, and could include typographical errors or inaccuracies
The User accepts that International Schooling is not responsible for the conduct of any party using LMS or for any offensive, derogatory, infringing, or illegal materials displayed on LMS or in any Communication Service and International Schooling reserves the right to fix any errors or correct any omissions and remove any materials from LMS at its own discretion and without the accountability of any kind

Disclaimer Of Warranty

The use of LMS or any communication service is at the sole risk of the user. All information, materials, software, programs, products, and services are provided “as is,” with no guarantees or warranties whatsoever. International schooling explicitly disclaims to the fullest extent permitted by law all implied, statutory, express, and other guarantees, warranties, or representations, including, without constraint, the warranties of fitness for a specific purpose, merchant ability and non-infringement of intellectual property and proprietary rights. Without limitation, international schooling makes no guarantees or warranties that LMS will be secure, timely, error-free, or uninterrupted. The user acknowledges and agrees that if the user downloads or otherwise acquires information, materials, software, programs, products or services, the user does so at his or her own risk and discretion and that user would be solely responsible for any damages that might ensue, including damage to the computer system of the user or loss of data. Some jurisdictions may not permit the exclusion of warranties; as a result, the above exclusions will not apply to the user.

Limitation Of Liability

On no account will international schooling be accountable for any direct, indirect, incidental, punitive, special, or consequential damages that ensue from the use of or failure to make use of LMS or any other communication service. This limitation applies whether the alleged liability is founded on contract, negligence, strict liability, tort, or any other grounds, even if international schooling has been notified of the likelihood of such damage. Since some jurisdictions do not allow the exclusion or limitation of consequential or incidental damages, international schooling’ liability in such jurisdictions might be limited to the extent permitted by law.

Release

The user hereby releases and perpetually discharges international schooling, its affiliated schools, employees, officers, directors, contractors, agents, successors, and assigns (“released parties”), from all causes of action, actions, claims, damages, injuries, costs, or expenses of any type growing out of or related to the user or minor child(ren)’s of the user use of LMS or any communication service. The user acknowledges that this is a complete and full release to the maximum extent allowed by law of all claims and damages to which the user or minor child(ren) of the user may have as a result of his or her use of LMS irrespective of the exact cause thereof.

Indemnification

Upon request by International Schooling, the User concurs to protect, indemnify, and hold harmless International Schooling and its affiliated schools, contractors, employees, officers, directors, licensors and third-party content providers from all claims, liabilities, and expenses, including attorney’s fees, which may arise from the User’s use or misuse of LMS, Content, or other Communication Services. International Schooling has the right, at its own expense, to presume the exclusive defense and control of any issue otherwise dependent on indemnification by the User, in which case the User would collaborate with International Schooling in asserting any available defenses.

Severability And Integration

With the exception of other agreements signed by the User with International Schooling, these Terms comprise of the entire agreement between International Schooling and the User with regard to the use of LMS. If any portion of these Terms is held unenforceable or invalid, that part should be construed in a manner compatible with applicable law to reflect, as much as possible, the original goals of the parties and the remaining portions should remain in full force and effect.

Termination Of Use

If the User infringes these Terms, the User may be banned from any future use of LMS and/or may be subjected to legal action. Grounds for such termination, suspension and/or deletion should include, but not be limited to:

Violations or breaches of the Terms, or of other guidelines or agreements included therein
Requests by government agencies or law enforcement
A request by USER (self-initiated account deletion)
Material modification or discontinuance of LMS (or any component thereof)
Unanticipated security or technical problems or issues
Inactivity for an extended period of time, and/or
Engagement in illegal or fraudulent activities by the User. Termination of User account may include:
- Access removal to all LMS offerings
- Deletion of your user account, password and related information, like content and files linked with or found inside the account (or any part thereof)
- Forbidding any further use of LMS
- In addition to that, you concur that all terminations for cause will be made in Connection’s sole discretion and that International Schooling will not be accountable to you or any third party for the termination of access to LMS or that of your account.

Additional Terms Applicable To The International Schooling Community Of Schools, Including All Nexus Schools, Only WebMail, Message Boards, And Other Communication Services

International Schooling offers an internal email system, International Schooling WebMail, through LMS, as a service to some Users in relation to those education programs that provide for webmail service. Webmail allows such Users to network with other Webmail users. International Schooling cannot assure the security of any information that such Users reveal in WebMail messages, and the Users do so at their own discretion. Sent WebMail messages are only available to the author and recipients, as well as to other authorized personnel for ensuring and maintaining system integrity and also to make sure that Users are acting legally and responsibly as suggested by these Terms. Also, WebMail messages can not be guaranteed to be private and they might be monitored. Messages pertaining to or in support of obscene or illegal activities or those that otherwise violate the Terms might be informed to the concerned authorities and can result in the loss of user privileges, exclusion from the User’s respective education programs, and/or legal action.

International Schooling also runs academic Message Boards found within LMS to help in smooth exchange of information, ideas, and opinions between those Users whose respective education program offers access to Message Boards. These Users might only use the Message Boards for structured activities, clubs, or other educational uses as advised by the school department and as mentioned on each Message Board. The Message Boards include contributions that only represent the views of their respective authors and not of International Schooling. Use of the Message Boards is subject to the rules governing the usage of Message Boards which are provided when a user accesses them (see also the Links section below).

Other than the WebMail system and the Message Boards, International Schooling may now and again offer chat areas and/or other communication or message functionality designed to enable Users to correspond with others (each a “Communication Service” and jointly “Communication Services”). The User concurs to use Communication Services only in agreement with these Terms and as mentioned on each Communication Service to send, receive and post messages and materials that are appropriate and, when pertinent, related to the specific Communication Service.

Any information that the User may provide to be posted to a Message Board or any other Communication Service would be disclosed and made available to all Users of that Communication Service and as a result, is not private any longer. We cannot ensure the security of such information that you share or disclose online in public areas, and you do so at your sole discretion. International Schooling does not endorse or control the messages, information or content found in any Communication Service; thus, International Schooling explicitly disclaims any accountability pertaining to the Communication Services and any actions ensuing from a User’s involvement in any Communication Services. All participants accept that any dependence upon such content will be at the own risk of the individual so relying.

Although International Schooling has no responsibility to do so, International Schooling reserves the right:

To supervise anything posted to a Message Board or any other Communication Services or anything sent through International Schooling WebMail
To remove anything which is considered offensive by International Schooling or otherwise is in violation of these Terms or for any other reason as International Schooling considers necessary in its absolute and own discretion

At all times, International Schooling reserves the right to disclose any information as International Schooling deems required for any applicable law, disciplinary investigation, legal process, regulation, or governmental request, or to amend, decline to post, or to remove any information or material, completely or in part, at International Schooling own discretion.

2.8 Requirements for Securing Information Systems

2.8.1 Policy Statement

To prevent unauthorized access to International Schooling’s data, information systems must be secured according to a set of standards and principles.

2.8.2 Purpose of Policy

Certain security measures must be implemented to prevent or mitigate the risk of a security breach or an attack. In this policy, International Schooling sets a standard for securely configuring information systems residing on the International Schooling network to ensure a hardened and tested security configuration is used in all information systems.

2.8.3 Principles

International Schooling’s information system is a server or application that contains, stores, or provides access to International Schooling’s data. International Schooling ensures that its information systems are secured and hardened. The security configurations are to be implemented based on the initial system risk assessment to achieve the appropriate level of security by the IT Head.

Regular Updation of the Server – Unless otherwise specified, all servers must be installed with a compatible version of the technologies used to run the Learning Platform on production. Outdated software must not be used unless the IT Department has issued a particular exception. Servers must be patched regularly with the new security patches. The system must not be placed on a public network during the implementation of a new system (in case of migration to a new server) until the system is sufficiently protected. Until deployment on production systems, all patches must be tested as patches that are deployed without testing may render a system inaccessible or make system data irrecoverable.
Hardening and Configuring of the Servers – System Administrators are responsible for configuring the server operating system in a secure manner. To minimize the threats and the number of potential vulnerabilities or risks that may occur on the system, all information systems must be configured to provide the least possible functionality to the system. In addition to the already established system hardening controls, additional protection measures have to be implemented as well. Use a web-application firewall for or user-facing applications, wherever applicable.
Storing of Application Logs – The ability to collect detailed application logs is vital for troubleshooting, and support of systems and software. Logs may need to be retrieved for incident response initiatives, or other diagnostic and troubleshooting purposes.
Server and Database Backup Procedures – Information systems must be backed up based on level confidentiality of the system, and availability of resources for performing a backup. Backups must exist as per the existing backup policies. Backups for confidential systems should be stored in a secure external location.
Secure Coding and Development Practices – All developers are trained to identify and analyze security issues when writing and reviewing code. Code reviews are conducted for each change to the code base to detect and correct any bugs, security flaws, and any other code defects. Changes to code must be reviewed before the code is approved and committed to the code base repository.
Maintaining a Test Server – To limit the impact of updates and other system changes, a test server, must be maintained for user-facing systems. The test server must have configurations of hardware and software which are identical to the production server. Once deploying into the production environment, all configuration updates, fixes, and other upgrades must be reviewed on the test server.

2.9 Password Policy

2.9.1 Policy Statement

It is the responsibility of all students, teachers, parents, staff, and any other individual who has access to the International Schooling data to protect their account’s username and password and must comply with the password guidelines in this policy. Passwords must meet the complexity rules set in the policy and must not be shared or made accessible to others in any way that does not adhere to this policy.

2.9.2 Purpose of Policy

Assigning users individual accounts that require password protection is one of the key methods used to restrict access to International Schooling data. If an account is compromised, an unauthorized individual could obtain access to information systems, either involuntarily or maliciously. Individuals with these accounts are responsible for protecting against unauthorized access to their accounts and ensuring that passwords are kept confidential and difficult to crack.

2.9.3 Principles

Account Holder’s Responsibilities – The account holder is responsible for keeping its password safe and confidential. International Schooling allows students, and teachers to register on the platform, where the user can decide their credentials (Email and password) and register themselves. The email used is a unique identifier for the student and teacher.

Initial passwords must be changed immediately upon issuance.
Passwords for the International Schooling account must never be shared with another user for any reason.
Teachers, students, parents, and staff of International Schooling must never ask someone else for their password. If another person asks you to provide your password, you are required to report this to the IT Department. International Schooling passwords must never be written down and left at an easily accessible or otherwise visible location.
Account Holders must never leave themselves logged into the application or system where someone else can knowingly or unknowingly use their account.
To recover your account in case of forgetting your credentials, user can contact the administration or recover their password by following the steps provided on the Learning Platform.
Data in devices that need to be repaired by a third-party vendor in case of a hardware malfunction, will be backed up in secure external storage. The device will be wiped before being handed over to an external technician. The IT Department is responsible for creating a secure backup and erasing the data from the device. Passwords must not be shared with an external technician.
It is recommended that passwords meet the complexity requirements mentioned in this policy.
Passwords must be changed regularly

Responsibilities of Systems Processing Passwords – All International Schooling information systems including servers, applications, databases, and websites that are hosted by or for International Schooling must be designed to accept usernames and passwords and transmit them proper security.

Passwords must not be displayed when entered while logging into any information system or the International Schooling Learning Platform.
Passwords must never be stored in information systems in a readable format. All passwords must be encrypted while being stored in International Schooling information systems.
Systems storing or providing access to data or remote access to the internal network should be secured with multi-factor authentication.
Only authorized individuals must be granted access to encrypted password hashes.

Password Recommendations

Will contain at least five (5) characters
Not based on something that anyone else might guess using person-related details (e.g., names, addresses, email, phone numbers, birth date, etc.)
Composition of one character or more from each of the following types:
- Upper English Letters (A-Z),
- Lower case English letters (a-z)
- Numbers (0-9)
- Different characters (` ~ ! @ # $ % ^ & * ( ) + – = { } | \ : ” ; ‘ < > ? , . / , space)

Password Reset Options – By using the Forgot Password mechanism on the Learning Platform the preferred and fastest method users can reset a forgotten password. Alternatively, users can contact the Help Desk for guidance.

Account Lockout – International Schooling has implemented a lockout policy to prevent attempts to guess passwords or compromised accounts. The lockout criteria of accounts are given below.x

The account will be locked out after five (5) invalid password attempts for fifteen (15) minutes.
International Schooling’s IT Help Desk must be contacted for the account to be unlocked sooner. The user’s identity must be verified before unlocking the account.
Any sudden changes in the IP while accessing the user account will lock out the account and will only be restored by the IT Help Desk.

2.10 Access Management Policy

2.10.1 Policy Statement

International Schooling employs several employees to handle day to day operations. All members of the International Schooling community are expected to comply with these standards for providing, modifying, and terminating an individual’s access throughout his/her tenure at International Schooling

2.10.2 Purpose of Policy

This policy establishes principles and provisions to support the security and management of information assets and privacy of data of International Schooling.

2.10.3 Principles

Access Hierarchy – International Schooling uses a multiple approval system for granting access to employees. Each department consists of a department head who approves all access requests. Some low-level requests may be approved by the immediate supervisor depending on the access request. Each access request has to be communicated to the immediate supervisor and department head via email. Employees must include a detailed explanation of the level of access to the system and specifying which parts, functions, and features are to be accessed by the employee. Access to systems is divided into 3 levels: High, Moderate, Low

High-level access includes but not limited to, database access, production server access, student records, teacher records, financial records, confidential data, etc. High-level access is given to department heads, managers, etc.
Moderate–level access includes but not limited to, application code access, testing server access, deactivating unused accounts, access to marketing-related functions, restricted data, etc. Moderate-level access is given to project leads, executives, developers, quality analysts, designers, etc.
Low-level access includes creating an account, on the International Schooling platform, access to public data, blogs, video, etc. Low-level access is given to video bloggers, graphic designers, etc.

All employees are assigned official accounts to share data and resources relating to International Schooling.
Change in Account Credentials upon Termination – If an individual has known passwords for accounts (server credentials, database credentials, etc.) or information remaining active, these must be changed upon the termination of the individual. Upon termination, the official account of the employee will be inactivated.
Electronic Equipment – Information systems that were assigned to or used by the individual terminated must be inventoried and retained. Information systems include laptops, desktops, smartphones, servers, external or portable hard drives, email, etc.
Access rights must be immediately disabled or removed when the user is terminated or ceases to have a legitimate reason to access systems.
The IT Head, Help Desk, or the authorized personnel will conduct a verification of the user’s identity before issuing a new password.
For the detection of dormant accounts and accounts with excessive privileges, existing user accounts, and access rights must be reviewed at least yearly. Examples of over-privileged accounts shall include:

Employee accounts who no longer work for the institution.
An active account with access rights that are not required for the function and responsibilities of the user. For example, users who have no authority or responsibility to authorize expenses should not be allowed access to a financial system with approval permissions.
System administrative rights or permissions granted to a user who is not an administrator (including permissions to change the security settings of a system).
Unknown active account

2.11 Integrity Policy

2.11.1 Policy Statement

In accordance with the International Schooling Data Categorization Policy, all information systems that create, receive, store, or transmit data must adhere to the principles of this document.

2.11.2 Purpose of Policy

This policy addresses best practices to protect data on information systems.

2.11.3 Principles

Information systems or applications that create, receive, store, or transmit data must, without exclusion, adhere to the following:

Disabling unnecessary services- All information systems (applications servers, etc.) must disable services that are not required to fulfill the system’s business purpose. Examples of resources required include SMTP, Web services, etc.

Malicious software protection- All information systems must include but are not limited to, personal firewall software and automated security patch installation. Users should make reasonable efforts to keep updated systems with the latest security patches and antivirus software. Antivirus software is available through the IT Department for all users.

Patch Management- Information systems managers and administrators have the responsibility to determine which patches to deploy (e.g. application patches). In cases where a patch is recommended by the IT department, information system managers and administrators must deploy that patch in a timely fashion.

Intrusion Detection and Vulnerability Scanning– Intrusion detection and prevention technologies must track networks that facilitate the collection, storage, or transfer of data for intrusion and compromise. Intrusions must be recorded, registered, and reported in compliance with the International Schooling Incident Response Policy. Information systems must be scanned for vulnerability.

Server Security – Server administrative functions on information systems may be performed only by personnel with authorization (e.g. Server Administrators).

2.12 Authentication and Authorization Policy

2.12.1 Policy Statement

In accordance with the International Schooling Data Categorization Policy, all information systems that create, receive, store, or transmit data must adhere to the authentication and authorization principles of this document.

2.12.2 Purpose of Policy

This policy addresses the best practices to ensure proper authentication and authorization to data created, received, stored, transferred on the International Schooling network

2.12.2 Principles

Procedures for ensuring appropriate access to information systems must include:

Authorization methods (e.g. using the Learning Platform credentials, official International Schooling accounts), including manner and type of authorized administrative access.
Authentication methods (e.g. requiring passwords), including manner and type of authentication
Documentation of each employee’s access rights to information systems
Managers and administrators should provide only limited access to employees. It must be based on the functions that need to be performed on the system.

2.13 Administrative Policy

2.13.1 Policy Statement

In accordance with the International Schooling Data Categorization Policy, all information systems that create, receive, store, or transmit data must adhere to the administrative security principles of this document.

2.13.2 Purpose of Policy

This policy addresses best practices to ensure proper administrative security of data created, received, stored, transferred on the International Schooling network.

2.13.3 Principles

Risk Management – International Schooling manages network threats by recognizing, assessing, controlling, and mitigating weaknesses that are a probable threat to the information and data systems under our control. We carry out our defined risk management process constantly, sporadically assessing risks and implementing controls corresponding to the changes in our information systems in addition to the changes in federal and state policies and regulations.

Risk assessment is performed on new systems and/or on the systems that go through considerable changes before they join the network, and appropriate measures are taken to deal with the risks related to vulnerabilities so recognized.
Yearly risk assessment is carried out on active information systems, and suitable measures are taken to address the associated risk with identified weaknesses.
Threat or vulnerability notifications from the Learning Platform and other third party sources are assessed and monitored for all applications and systems connected with any International Schooling information system.
When needed, security authorization for International Schooling information systems to function with security risks that are assessed and determined to be tolerable is taken from the IT Head.

Security Awareness and Training – International Schooling provides employees with security awareness training upon hire. International Schooling’s security awareness training includes guidance related to the Learning Platform’s features. Employees are made aware of International Schooling’s security and other policies and are made aware of common threats or attacks (such as phishing).

Security Audits – International Schooling ensures that internal security audits are conducted annually on International Schooling information resources and systems. The

the objective of the security audits would be to authenticate compliance with the standards and procedures laid down in the International Schooling IT Security Policies and Procedures and ensure that a particular information system has adequate and appropriate controls prepared to protect International Schooling assets, maintain data reliability, and operate efficiently and capably to meet the objectives of the International Schooling.

Contingency Planning – IT Head of the Learning Platform is responsible for creating, implementing, and testing, at least annually, disaster recovery plans for the system. All plans must address and document the following:

An analysis of data criticality, which considers importance relative to the mission of the school, the sensitivity of the data on the system, and the amount of data on the system.
Data backup policies and procedures.
Recovery procedures used to restore operational capacity or data.
Emergency plans, which detail the process for maintaining business operations and protecting data while operating in an emergency mode.

2.14 Exceptions

Any request for exceptions to the International Schooling’s IT Security Policies and Procedures:

Must be submitted to the IT Head.
Without obtaining a written approval the request for exception will not be accepted.
Any request for the exception would be considered on a case to case basis.
Approved exceptions may be annually reviewed and revoked as required.

2.15 IS Security System Architecture

International Schooling has built and operated a robust information security program, which includes, implementing preventative and detective security mechanisms including:

International Schooling hosts all user-facing web applications on the AWS (Amazon Web Services) infrastructure. The AWS infrastructure is highly stable, tolerant to faults, and secure. To secure AWS data centers worldwide, AWS has introduced physical security and environmental protection measures. All the servers of International Schooling (production server, testing servers) are hosted on AWS.
The application, network, data security measures are taken by International Schooling to avoid possible security attacks include but are not limited to:

Use of a Web Application Firewall – The use of a web application firewall minimizes the risk of potential threats to the application. A Web Application Firewall helps to secure web applications by filtering and monitoring the HTTP traffic between a web application and the Internet. Typically it defends web applications from threats such as cross-site forgery, cross-site scripting (XSS), file inclusion, and brute force attacks, SQL injection, etc..

Distributed Denial of Service Attack Mitigation-Distributed Denial of Service Attack (DDoS) is a deliberate effort to disrupt the normal traffic of a targeted server, system, or network by overwhelming the target or the associated networks with an Internet traffic surge. DDoS attacks gain effectiveness by using various infected computer systems as sources of traffic attack. Using a Web Application Firewall (WAF) can help mitigate a DDoS attack. The firewall will act as a reverse proxy by putting a Web Application Firewall between the Internet and the International Schooling site, by shielding the International Schooling server from malicious traffic.
Domain Name System – All of International Schooling’s IP addresses are secured through the use of the DNS. Users can access the Learning Platform only using the domain name. These IP addresses are changed from time to time to avoid attacks on the application.
Load Balancing – Load balancing distributes traffic between two servers or more. Even before the requests are overwhelmed and stopped by an origin server, heavy amounts of traffic to that server can still cause major latency problems. A Load Balancing system can distribute that traffic across multiple locations, making sure that no single location handles so many requests that it causes delay.

SSL/TLS Encryption and CDN – International Schooling uses the Secure Sockets Layer to ensure that all user and server requests and responses are encrypted in a 256-bit format. Transport Layer Security ( TLS) is a data encryption protocol that is sent over the internet. A content delivery network ( CDN) refers to a group of servers that are geographically dispersed, working together to deliver fast Internet content. A CDN enables the quick transfer of assets needed for Internet content loading, including HTML pages, javascript files, stylesheets, images, and videos. Also, a properly configured CDN can help protect websites against some common malicious attacks, such as Distributed Denial of Service ( DDOS). A CDN can withstand and mitigate an amount of incoming attack traffic that would easily overwhelm the International Schooling server by having enough data center locations and sizable bandwidth capabilities.

- File Uploading and Downloading Security – User-uploaded files are stored in the Amazon S3 bucket with unique names. To prevent session hijacking from user-uploaded files and preserve the integrity of the system, International Schooling prevents users from accessing documents that are not in an active session and don’t have the proper authorization to access the documents.
- Access and Authentication – Only IT Head, System Administrators, and Database Administrators have access to the production servers and databases. Access to these servers must be approved by the IT Head.
- Server and Database Backup – All production databases are backed up twice a day, one on the local server and two on remote locations. Servers are backed-up every 15 days, manually.
- Incident Notification – All technical issues and incidents are reported to the IT Head by the Non-Academic Staff. In addition to this, an email notification is sent to the IT Head containing the Application Logs in the event of any technical incidents occurring. All incidents are tracked using the issue tracking tools.
1. Coding and Testing Practices – International Schooling code repository is managed through code version control software. Access to the code repository is given based on the sprint that needs to be performed by the IT Staff. All-access to the repository is given only to the IT Head and Product Manager and can only be accessed to the IT Staff on an approval by the IT Head. Issue tracking and implementation of new features in International Schooling is managed through issue tracking tools. The testing of new features is conducted on the testing server and released on production only after the approval of the IT Head.

2.16 International Schooling Disaster Recovery Plan

This section describes the plan and procedures that International Schooling has established to recover from disasters affecting its production operations. We describe how to recover from disaster scenarios, the steps to be taken when disasters are declared, the policies regarding notification of personnel during disasters.

2.16.1 Definition of Disaster

A disaster is described as any disruptive event that could have adverse long-term effects on the International Schooling service. In general, at International Schooling, possible disasters must be treated with the highest priority at all:

Natural Disasters- Tornado, Earthquake, Hurricanes, etc.
Man Made-Virus and hacker attacks, phishing scams, SQL injection, brute force attacks, malware, etc.

2.16.2 Notification of a Disaster

In the event of a disaster, if the production server shuts down or is being attacked, an email is sent to the IT Head by AWS which will notify the IT Head about the attack.

It is the responsibility of the IT Head to notify all key personnel of International Schooling (All department heads) about the attack which will include a description of the event, the effect to the service, and any potential impact to data.
Once recovery is complete and the service is available, the notification will include general information about steps taken to recovery, and any data that may have been impacted.

2.16.3 Steps of Recovery

Establish contact with the individuals needed to carry out recovery. In the event of an attack, IT Head, System Administrators, and Database Administrators must be contacted.
Determine the steps required to fully recover from the disaster. Following steps for system recovery must be taken:
- Analyzing recovery time – Server should be recovered within a working day of the attack.
- Configuration of an Alternate Server – Configuration on a valid alternate server which will act as the International Schooling’s alternate operating server. The capabilities required to operate the platform should be available at the alternate server.
- Restoration of application and databases – Current backups of the application software and data must be available at a remote location. Application and databases must be restored on the alternate server.
Execute the recovery steps
Verify that recovery is complete
Notify key all department heads general information about steps taken to recover the application and any data that may have been impacted.