Security Measures and Protocols

Security Measures and Protocols

Physical security of our server clusters is the responsibility of our hosting vendors. We utilize a combination of industry leading cloud hosting by Amazon Web Services and Linode to support all of our installations and related tooling and services. The physical server cluster is located in Northern Virginia and Dallas, TX respectively. No data is transferred and/or stored outside of these vendors or their locations.

Electronic security is a shared responsibility between our platform and our hosting vendors. We employ a variety of anti-hacking technologies to support our strict security measures as well as transferring all system traffic and data across SSL-secured (TLS 1.2, SHA256) connections. We maintain an A+ security rating as evaluated by Qualys SSL Labs, the full report of which can be found here.

Further, we are not in favor of using of technologies and protocols that add risk by introducing opportunities for security compromises. An example of this is our focus on single sign-on and Learning Tools Interoperability (LTI) integration for authentication to eliminate the need for internal storage and handling of passwords.

We are pleased to share (attached, below) our latest Higher Education Community Vendor Assessment Toolkit - HECVAT Lite 3.05 - with you. As an engineer-founded organization, we have and continue to place a strong emphasis on supporting the best practices embodied in the HECVAT. Particular consideration is paid to security, privacy, scalability, reliability, availability, and resiliency throughout the development, implementation, and maintenance of our product. These key performance metrics are woven into the fabric of our company and set us apart in the industry. 

Highlights of our response to the HECVAT include:

  1. Annual uptime exceeding 99.99% (four nines)
  2. A+ SSL Labs 10+ years running
  3. 24/7 infrastructure monitoring
  4. WCAG 2.1AA compliance
  5. A dedicated client success team

In addition to safeguarding data within the higher education landscape, our platform not only meets industry standards but also complies with the varied expectations of our valued users in the higher education community. Likewise, we understand and meet the industry standards for accessibility in higher education technology. We have designed with accessibility in mind so that our product meets legal requirements, but more so that it supports users with disabilities. We support our clients’ unique journeys from implementation to maintenance, and we ensure that the experience functions as smoothly and consistently as possible for all end users.

While we acknowledge the importance of thorough assessments and the mitigation of risk, through the HECVAT we also wish to communicate our pragmatic approach, ensuring that our practices and investments align with our resources, technical complexity and infrastructure, user and compliance requirements, and syllabus management as core function within the institutional ecosystem. Rest assured, our commitment to data privacy and security remains a top priority, and we regularly approach the HECVAT assessment with such requisite attention and responsibility.

For more information on the security protocols Concourse has implemented, review the attached Higher Education Community Vendor Assessment Toolkit (HECVAT-Lite)

    • Related Articles

    • CSRF Security Check Failure

      Rarely you may see an error resulting from the CSRF security check. This happens when either (1) cookies are disabled in your browser or (2) a page - more specifically a form - is left open and the data is not submitted or saved for a long time, ...

    • Concourse for Editors

      Click on the link below to access our Articulate Rise training for Concourse syllabus editors. Please note that due to recently implemented security measures, the training will open in a separate window. Concourse for Editors Training

    • System Requirements and Recommendations

      Concourse is a web-only solution. Therefore all you need is an internet-connected computer or device in order to access Concourse. Below is a breakdown of technical requirements and recommendations to fully utilize Concourse. Browser Chrome 67+ ...

    • Getting Started with Concourse

      Congratulations on your decision to bring Concourse to your institution! The Concourse team is excited to assist you in this process to ensure a smooth and successful deployment of Concourse to your faculty, staff, and students. As with the ...

    • LTI 1.3 Integration: Canvas

      In order to utilize this tutorial, you need to have System Administrator level permissions in Concourse. If you do not have these permissions, please contact the Concourse administrator at your institution to get the correct access before attempting ...