Q: What steps does Wayfinder take to protect student data?
A: Wayfinder is fully compliant with FERPA and COPPA. All personal information is encrypted within the database, including names, emails, passwords, and responses. Additionally, all student data is owned by the school/district, and Wayfinder staff members do not have permission to review the responses of any individual student. The school/district will be able to establish and customize levels of user access amongst administrators, teachers, and students.
Q: What confidential student information, as defined in FERPA, does Wayfinder’s mobile application capture?
A: The mobile application captures student names, email addresses, passwords, classrooms, and student responses.
Q: Does Wayfinder maintain cybersecurity insurance?
A: Wayfinder maintains cybersecurity insurance for $3,000,000.
Q: What type of vulnerability management does Wayfinder deploy?
A: We utilize tools like PackAttack to detect and block brute force attacks, excessive logins, phishing attempts, etc.
Q: Does Wayfinder actively employ data loss prevention tools?
A: We’ve implemented “soft delete” across most of our data models, allowing us to undelete records within a two-week period, after which those “soft deleted” records are permanently removed. Our Postgres database has a two-week backup window, allowing us to roll back to the previous version within that window.
Q: Is the mobile application hosted by a third-party provider?
A: Our backend web app is hosted on Heroku with files stored on AWS S3, and our frontend web app is also hosted on Heroku.
Q: Does the application support single sign-on?
A: The application does support single sign-on using the Security Assertion Markup Language (SAML) protocol.
Q: How many concurrent users can the platform support?
A: We are using Rails auto scaler, which automatically increases the number of servers based on load. We continuously monitor usage and ensure that we always have 30% of storage space free.
Q: What are the processes and provisions regarding the automated exchange of data between the mobile application and the school/district’s student information and assessment systems?
A: Wayfinder’s mobile and web applications are built on a REST API. Using that REST API, we can easily integrate with the school/district’s student information and assessment systems to allow for automated exchange of data. This would be included as part of our ongoing support and would not be an extra charge for the school/district. Additionally, data can be exported to CSV.
Q: What is Wayfinder’s process for testing and releasing software updates, and for providing continuity during major updates?
A: We utilize a production and a staging environment. We deploy to our staging environment first, where the QA engineer tests the update. Once all tests are run, we then deploy to the production environment on a weekend or late at night to minimize disruption to users. We will communicate with all users prior to any major updates or potential disruptions to service.
