Physical security of our server clusters is the responsibility of our hosting vendors. We utilize a combination of industry leading cloud hosting by Amazon Web Services and Linode to support all of our installations and related tooling and services. The physical server cluster is located in Northern Virginia and Dallas, TX respectively. No data is transferred and/or stored outside of these vendors or their locations.

Electronic security is a shared responsibility between our platform and our hosting vendors. We employ a variety of anti-hacking technologies to support our strict security measures as well as transferring all system traffic and data across SSL-secured (TLS 1.2, SHA256) connections. We maintain an A+ security rating as evaluated by Qualys SSL Labs, the full report of which can be found here.

Further, we are not in favor of using of technologies and protocols that add risk by introducing opportunities for security compromises. An example of this is our focus on single sign-on and Learning Tools Interoperability (LTI) integration for authentication to eliminate the need for internal storage and handling of passwords.

Highlights of our response to the HECVAT include:

1. Annual uptime exceeding 99.99% (four nines)
2. A+ SSL Labs 10+ years running
3. 24/7 infrastructure monitoring
4. WCAG 2.2 AA compliance
5. A dedicated client success team
   

In addition to safeguarding data within the higher education landscape, our platform not only meets industry standards but also complies with the varied expectations of our valued users in the higher education community. Likewise, we understand and meet the industry standards for accessibility in higher education technology. We have designed with accessibility in mind so that our product meets legal requirements, but more so that it supports users with disabilities. We support our clients’ unique journeys from implementation to maintenance, and we ensure that the experience functions as smoothly and consistently as possible for all end users.

While we acknowledge the importance of thorough assessments and the mitigation of risk, through the HECVAT we also wish to communicate our pragmatic approach, ensuring that our practices and investments align with our resources, technical complexity and infrastructure, user and compliance requirements, and syllabus management as core function within the institutional ecosystem. Rest assured, our commitment to data privacy and security remains a top priority, and we regularly approach the HECVAT assessment with such requisite attention and responsibility. For access to Concourse's most recent HECVAT attestation, email support@campusconcourse.com.