Security

The RuffaloCODY applications and data center are designed to provide optimal security and performance while also ensuring that the functionality and data integration you need will be there--whenever and wherever you need it. High-end servers are used to run applications and house databases. These servers are optimized specifically for these purposes and are constantly being monitored to ensure ideal load balancing and processor performance. They're also configured to work in conjunction with Web servers and data servers to maximize data integration and ensure easy access through your Web browser.

The security of the data center and various applications are detailed below:

Infrastructure Security

The primary defense for any type of data access is the underlying infrastructure, both hardware
and software. The 
RuffaloCODY Data Center employs the following strategies to secure data
access:

  • Physical Intrusion: The physical security of the data center is covered in a separate
    document attached below.
  • Firewall: All servers are protected by hardware/software firewalls at the appropriate level
    for their purpose. For instance, all database servers are housed completely behind the
    firewall and accessible only by RuffaloCODY application servers. Direct access to database
    servers is not available for any purpose.
  • Personnel AccessRuffaloCODY employs policies restricting data access to only senior
    personnel.

Application Security

Only applications created by RuffaloCODY have direct access to data. This allows security considerations to be made during the development process. All communication done in Enrollment Manager (logging in, running reports, running advanced find, etc) is done using a secure encrypted browser session.

Data Import/Export Security

All files uploaded and downloaded via FTP are transmitted using an encrypted FTP session.

Web Module Security

All data submitted by students through forms, including event registration, is done through an encrypted browser session.

Database/Backend Security

All communications between servers within our hosted, multi-tier infrastructure is done through secure channels inaccessible from external networks.

User Account creation

User access requires account creation for those staff members that should have access to the Enrollment Manager application, including Enrollment Manager, Bulk Email, Event Registration Management, and Forms Manager. Requests for new users or changes to existing users should be made through the Enrollment Manager Support Team.

One license equals one user account/login

Single sign-on

The Enrollment Manager user login allows access to the following:
  • Bulk Email
  • Event Registration Manager
  • Forms Manager
  • Analytics
It is possible that users will have varying levels of access to the system. Specific access requirements for each user are defined by the client on the User Worksheet.

User roles/access

Enrollment Manager:
  • Administrator: The maximum level of Enrollment Manager access including but not limited to creating reports, creating/ initiating duplicate check processes, creating teams, etc…
  • User: Standard access for all basic Enrollment Manager functionality including the ability to modify/add records, utilize Advanced Find, create/manage outreach lists, etc…
  • Read-only: User may view information, but no additions or modifications can be made. Read-only user accounts do not count against the number of contracted licenses.
Bulk Email:
  • Bulk email access allows users to create content, modify and send bulk emails.
  • If the user will have bulk email access, a “from address” should be designated on the user worksheet.
Event Registration Manager:
  • Administrator: Allows the ability to customize the appearance of the event calendar, modify event messages, and execute imports/exports related to events.
  • User: Create events, manage registrations, and run reports.
Forms Manager:
  • Access to Forms Manager allows the user to review and take action on data related to online inquiry and/or application form submissions.
Ċ
Jeff Arnold,
Nov 7, 2014, 6:54 AM
Ċ
Jeff Arnold,
Nov 7, 2014, 6:55 AM
Comments