Raptor is dedicated to the security and privacy of customer information. As such, we are always adding steps to further enhance our data protection, including enhanced monitoring and anomaly detection across all our systems and databases.
A voluntary compliance standard for service organizations specifying how organizations should manage customer data, the SOC 2 examination assesses companies against five (5) trust principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy. A company may choose to be examined in any or all of these categories.
While SOC 2 Type 1 evaluates an organization’s security at a specific point in time, SOC 2 Type 2 evaluates the organization’s security over a span of time to determine the effectiveness of that organization’s data security controls.
Raptor has retained an independent, third-party auditor to annually the extent to which we comply with two of the trust principles: Security and Privacy. They based their assessment on our existing security and privacy systems and processes, such as our ability to:
We believe Raptor is one of the few school safety software companies to have completed the SOC 2 examination for Security and Privacy.
Raptor has been added to the list of signatories to the Student Privacy Pledge. We are committed to the Student Privacy Pledge and take great care to safeguard student information. More information about the pledge can be found here.
Raptor employs a comprehensive suite of tools, policies and procedures to ensure the reliability, performance, and security of the Raptor Platform, including;
All data is encrypted at rest and in transit based on National Institute of Standards and Technology (NIST) encryption guidelines. Raptor data stores are encrypted using AES 256 data encryption and all communications between services and customers are secured with TLS encryption. The product environment is segregated from the outside world using a Web Application Firewall (WAF) and development and staging environments are always separated from production.
We collect limited data and only use collected data for the specific reason it was provided. Customer data can be deleted upon request. Raptor Technologies complies with relevant privacy laws such as COPPA and FERPA.
All Raptor employees undergo mandatory security awareness training upon hire and additional refresher training annually. This training includes general information security hygiene such as password management and phishing detection as well as proper handling and identification of sensitive information.
Raptor developers receive additional training on secure coding techniques and Azure infrastructure security configuration.
Raptor maintains a comprehensive Incident Response policy including escalation and communication with impacted stakeholders.
At Raptor we recognize the impact data security has on the communities we serve. We are committed to maintaining transparency and in providing updates about the improvements we make to securing our systems and data.
In December 2023, Raptor was alerted to a potential security vulnerability related to certain cloud containers that store documents uploaded by Raptor customers, as well as log files used to maintain and service our software platform.
While this vulnerability could have rendered certain data externally accessible, Raptor has found no evidence of any malicious data exfiltration, or unauthorized distribution, misuse, or acquisition of any potentially affected data. Raptor has conducted a comprehensive web search which has found and continues to find no indication that the data at issue was exposed via a data dump or other malicious access. Raptor previously notified all customers who could have been impacted by this potential for unauthorized access and provided information on all documents that could have been impacted by this issue.
A third-party forensic examination of the cloud containers was completed in February. In addition to this forensic examination, we engaged a third-party provider to confirm the effectiveness of our previous remediation efforts and to perform comprehensive security configuration and controls assessments to further harden our cloud environment. We have also implemented enhanced cloud logging, integrated a security posture management system, and deployed new monitoring and detection technologies, to further safeguard the information in our possession.
We are resolute in our commitment to security and privacy and will continue to improve and invest in our security programs, controls, third-party expert advice, and personnel.
Copyright © 2024 Raptor Technologies | All rights reserved | Privacy Notice