Data Security and Compliance

Protecting our customers’ sensitive data is of paramount concern. Raptor maintains a comprehensive data security program and regularly reviews our security infrastructure, policies and procedures to ensure the protection of customer’ data.
Data Security & Compliance

How Raptor Ensures Data Security

Raptor is dedicated to the security and privacy of customer information. As such, we are always adding steps to further enhance our data protection, including enhanced monitoring and anomaly detection across all our systems and databases.  

1

Service Organization Control (SOC) Type 2 Examination

One of the most important components of response is being prepared before inclement weather or natural disasters impact your region. This includes understanding what disaster you’re most likely to experience and having a robust plan for quick, coordinated response. Each geographic region can experience different combinations of disasters, as illustrated below.

A voluntary compliance standard for service organizations specifying how organizations should manage customer data, the SOC 2 examination assesses companies against five (5) trust principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy. A company may choose to be examined in any or all of these categories.  

While SOC 2 Type 1 evaluates an organization’s security at a specific point in time, SOC 2 Type 2 evaluates the organization’s security over a span of time to determine the effectiveness of that organization’s data security controls. 

Raptor has retained an independent, third-party auditor to annually assess or evaluate the extent to which we comply with two of the trust principles: Security and Privacy. They based their assessment on our existing security and privacy systems and processes, such as our ability to: 

  • Monitor known and unknown threats to confidentiality; 
  • Demonstrate our standard security alerting procedures are in place; 
  • Provide detailed audit trails; and 
  • Take quick and corrective action against suspicious activity. 

We believe Raptor is one of the few school safety software companies to have completed the SOC 2 examination for Security and Privacy. 

2

Student Privacy Pledge

Raptor has been added to the list of signatories to the Student Privacy Pledge. We are committed to the Student Privacy Pledge and take great care to safeguard student information. More information about the pledge can be found here. 

3

Monitoring of System Activity

Raptor employs a comprehensive suite of tools, policies and procedures to ensure the reliability, performance, and security of the Raptor Platform, including;  

  • Active 24×7 availability and performance monitoring and alerting 
  • Active 24×7 security monitoring and alerting by a Managed Security Services Provider (MSSP) to facilitate detection and alerting of malicious or anomalous activity.  
  • Regular vulnerability scans of Raptor’s applications and regular penetration tests of the environment are performed. 
  • System access is limited to a need-to-know basis and permission levels are regularly reviewed. 

4

Data Management and Storage

All data is encrypted at rest and in transit based on National Institute of Standards and Technology (NIST) encryption guidelines. Raptor data stores are encrypted using AES 256 data encryption and all communications between services and customers are secured with TLS encryption. The product environment is segregated from the outside world using a Web Application Firewall (WAF) and development and staging environments are always separated from production. 

5

Data Privacy and Compliance

We collect limited data and only use collected data for the specific reason it was provided. Customer data can be deleted upon request. Raptor Technologies complies with relevant privacy laws such as COPPA and FERPA.  

The Raptor Privacy Policy can be found here. 

6

Employee Training

All Raptor employees undergo mandatory security awareness training upon hire and additional refresher training annually. This training includes general information security hygiene such as password management and phishing detection as well as proper handling and identification of sensitive information. 

Raptor developers receive additional training on secure coding techniques and Azure infrastructure security configuration. 

7

Incident Response and Notification

Raptor maintains a comprehensive Incident Response policy including escalation and communication with impacted stakeholders.  

8

Our Commitment to Transparency and Security

At Raptor we recognize the impact data security has on the communities we serve. We are committed to maintaining transparency and in providing updates about the improvements we make to securing our systems and data.   

In December 2023, Raptor was alerted to a potential security vulnerability related to certain cloud containers that store documents uploaded by Raptor customers, as well as log files used to maintain and service our software platform.  

 

While this vulnerability could have rendered certain data externally accessible, Raptor has found no evidence of any malicious data exfiltration, or unauthorized distribution, misuse, or acquisition of any potentially affected data. Raptor has conducted a comprehensive web search which has found and continues to find no indication that the data at issue was exposed via a data dump or other malicious access. Raptor previously notified all customers who could have been impacted by this potential for unauthorized access and provided information on all documents that could have been impacted by this issue.  

 

A third-party forensic examination of the cloud containers was completed in February. In addition to this forensic examination, we engaged a third-party provider to confirm the effectiveness of our previous remediation efforts and to perform comprehensive security configuration and controls assessments to further harden our cloud environment.  We have also implemented enhanced cloud logging, integrated a security posture management system, and deployed new monitoring and detection technologies, to further safeguard the information in our possession.  

 

We are resolute in our commitment to security and privacy and will continue to improve and invest in our security programs, controls, third-party expert advice, and personnel.