Security Best Practices

Our Key Security Practices

LinkIt! maintains strict internal administrative, technical, and physical procedures to protect account holders’ personally identifiable information (PII) stored on the LinkIt! platform.
LinkIt! is responsible for safeguarding the information saved to its platform. This extends to management of the data lifecycle: collection, storage, use, archival, and destruction.
School Districts and local education agencies (LEAs) own the data they upload to the LinkIt! platform. They also designate account holders and their respective privileges (e.g., functions, data access, and use policies) for using the LinkIt! platform.
School Districts, LEAs, and their account holders are responsible for safeguarding the information they download, extract, share, or print from the LinkIt! platform. LinkIt! can only guarantee the confidentiality of information under its control (i.e., on its platform).

Our web servers, data servers, and network data storage are maintained in secure, SOC2-compliant cloud hosting data centers that are located domestically.
LinkIt! follows the rigorous premise, device, and media security controls recommended in ISO/IEC 27001 and NIST SP 800-171.

Access to protected data is limited to authorized personnel with highly restricted, permissioned, audited access.
Data is encrypted both in transit and at rest.

Data backups are performed regularly: full backups (weekly), differential backups (daily), and transactional backups (every 10 minutes).
Encrypted backups are redundantly stored in a secure, off-site facility. These backups are located within the customer’s home country.
LinkIt! schedules platform and software updates to minimize user downtime.

LinkIt! incorporates quality assurance procedures to maintain data auditability, completeness, reliability, and accuracy.
Data field parameters support input and content validation.

Permissioned access restricts the activities that can be carried out by authorized users and enables audit trails.
24/7 monitoring detects and flags anomalous behavior early for swift mitigation and response.
Regularly scheduled penetration testing of encrypted web services with enforced business logic promote situational awareness and security program improvements.