Data Security You Can Trust with Your Whole Campus

Data Center Security

SmartEvals is a hosted web application that is fully maintained and supported by SmartEvals LLC. Server assets and data are stored at our secure primary datacenter and failover colocation. SmartEvals owns and operates its primary datacenter, and employs industry best practices to enforce access restrictions, including the use of biometric locks, camera monitoring, and alarms. Both facilities are compliant with SSAE 16 SOC 2 security standards, and are located within the United States.

Network Security

SmartEvals employs proven network security strategies for data loss prevention and blocking unauthorized access. Our network architecture utilizes firewalls, antivirus and antimalware software, as well as penetration, PCI, and port scans. All data transmissions are secured over HTTPS, and SmartEvals uses only secure wired connections for its internal networks.

Application Security

The SmartEvals suite of web applications includes a number of data protection measures. These include institution-defined access roles, configurable authentication rules, behavioral analytics monitoring and automated alerts, as well as intrusion prevention software.

FERPA Compliance

The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. FERPA prohibits disclosure of information from a student’s educational record without consent, and it applies to all schools that receive funding from the U.S. Department of Education. The law makes certain exceptions to permit disclosure to third parties, so long as the third party is engaged in the performance of legitimate services under the direct control of the institution.

Due to its role in performing a service of “legitimate educational interest” to your institution, SmartEvals is permitted to receive and process protected data under FERPA. As such, SmartEvals maintains the following policies and protocols in compliance with FERPA:

• Your institution remains in direct control of its data at all times. In short, your institution retains ownership of all data provided to SmartEvals, and can determine which types of protected and/or directory information are shared.
• SmartEvals will never share or retransmit your data with any outside organization. All confidential data is protected by our stringent internal security protocols and non-disclosure policies.
• SmartEvals encourages your institution to disclose SmartEvals as a “school official with legitimate educational interests” in its Annual Notification of Rights under FERPA.

In short, due to SmartEvals’ role and precautions with regard to data protection, your school may leverage our services without risk of violating FERPA.

GDPR Compliance

The General Data Protection Regulation (GDPR) went into effect on May 25, 2018, and is designed to standardize data protection and privacy laws for all individuals within the European Union and the European Economic Area. SmartEvals provides a GDPR-compliant solution by providing the option for users to remove their personal information in accordance with GDPR guidelines.