IT Team Considerations

 

Whitelisting & Email Relay

Your IT department will need to “whitelist” Symplicity’s network addresses in order to ensure smooth delivery of email from your Symplicity application to your user community, especially students. Additionally, Symplicity will engage with you to help setup an email relay server, if required. These activities will ensure that Symplicity can send e-mails with a school e-mail address in the “From” field, without services such as Windows Live treating it as spam.

 
 

Authentication

Symplicity offers three methods of Authentication out-of-the-box and provides additional methods during implementation:

  • Local Authentication
  • LDAP
  • CAS
  • Custom SSO
 

Automated Data Import

 Automated data imports automate the import of various data sets and photos across all Symplicity systems, providing the ability to create and update records in your system(s) on a regular basis.  Various methods such as sFTP and/or APIs are available for integrating student information systems with Symplicity applications.

 

Data Privacy

 As data privacy laws and regulations become prevalent all over the world, Symplicity is committed to a transparent data privacy strategy. As a leader in the education software space, Symplicity already maintains many compliance certifications and annual audits. As an example of our commitment to maintaining robust security and data protection practices, Symplicity is certified to be compliant with the ISO 27001 standard, which is a framework for Information Security Management. Documentation of these practices is available upon request. Symplicity complies with all applicable privacy laws including applicable international data privacy laws. For US clients, all of our solutions, including our Student Disability Services (Accommodate) and Student Conduct & Judicial Affairs (Advocate) platforms, are FERPA compliant. While Symplicity creates management tools for higher education institutions our clients control their data and direct Symplicity regarding how to process their data.  Please see the Privacy Overview for more information.

 

Compliance Audits & Certifications

 Symplicity is compliant with and receives the following audits annually and will provide documentation upon request:

Additionally, Symplicity is PCI compliant for our applications that provide payment features within the system. Symplicity is Level 3 Merchant. Our Information Security Team fills out a PCI Attestation of Compliance (AOC) annually and can provide a copy upon request. Symplicity is also required to perform a quarterly network scan by an Approved Scan Vendor (ASV), and Symplicity uses Qualys as the vendor.
 
 

Encryption

Data in transit: All connections are over HTTPS utilizing the latest TLS encryption protocols.
Data at rest: All data at rest is encrypted using NIST 800 approved AES-256 encryption.


Patch Management

Security patches to the infrastructure will be worked on and applied as follows:

  • Critical Vulnerabilities — Responded to Immediately, remediated within 15 days
  • High Vulnerabilities — Within 30 days
  • Medium & Low Vulnerabilities — Within 90 days

All patches go through the dev/stage/test/prod environmental testing process with quality assurance testing at each step.

 

End of Contract/Data Extraction

The robust Symplicity reporting tool within the various products allows clients to extract data from the system. Clients may use the reporting engine at any time to extract data. As a professional service, clients may request a data dump. With 30 days’ notice, clients may request that client data be removed immediately at end of contract. Backups will automatically cycle the data out within 35 days (max) after the end of the contract.