Data Security and Compliance
Protecting our customers’ sensitive data is our top priority. Raptor maintains a comprehensive data security program and regularly reviews our security infrastructure, policies and procedures to ensure the protection of customer data.
Visit Our Trust Center
We enforce robust, industry‑standard controls designed to safeguard customer information while maintaining the integrity and availability of our systems.
How Raptor Ensures Data Security
Raptor is dedicated to the security and privacy of customer information. As such, we are always adding steps to further enhance our data protection, including enhanced monitoring and anomaly detection across all our systems and databases. Raptor has implemented the following data security practices:
Service Organization Control (SOC) Type 2 Examination
A voluntary compliance standard for service organizations specifying how organizations should manage customer data, the SOC 2 examination assesses companies against five (5) trust principles:
- Security
- Availability
- Processing Integrity
- Confidentiality
- Privacy
A company may choose to be examined in any or all of these categories.
While SOC 2 Type 1 evaluates an organization’s security at a specific point in time, SOC 2 Type 2 evaluates the organization’s security over a span of time to determine the effectiveness of that organization’s data security controls.
Raptor has retained an independent, third-party auditor to annually assess or evaluate the extent to which we comply with two of the trust principles: Security and Privacy. They based their assessment on our existing security and privacy systems and processes, such as our ability to:
- Monitor known and unknown threats to confidentiality;
- Demonstrate our standard security alerting procedures are in place;
- Provide detailed audit trails; and
- Take quick and corrective action against suspicious activity.
We believe Raptor is one of the few school safety software companies to have completed the SOC 2 examination for Security and Privacy.
Monitoring of System Activity
Raptor employs a comprehensive suite of tools, policies and procedures to ensure the reliability, performance, and security of the Raptor Platform, including;
- Active 24×7 availability and performance. monitoring and alerting
- Active 24×7 security monitoring and alerting by a Managed Security Services Provider (MSSP) to facilitate detection and alerting of malicious or anomalous activity.
- Regular vulnerability scans of Raptor’s applications and regular penetration tests of the environment are performed.
- System access is limited to a need-to-know basis and permission levels are regularly reviewed.
Data Management and Storage
- All data is encrypted at rest and in transit based on National Institute of Standards and Technology (NIST) encryption guidelines.
- Raptor data stores are encrypted using AES 256 data encryption and all communications between services and customers are secured with TLS encryption.
- The product environment is segregated from the outside world using a Web Application Firewall (WAF) and development and staging environments are always separated from production.
Data Privacy and Compliance
- We collect limited data and only use collected data for the specific reason it was provided.
- Customer data can be deleted upon request.
- Raptor Technologies complies with relevant privacy laws such as COPPA and FERPA.
- The Raptor Privacy Policy can be found here.
Employee Training
- All Raptor employees undergo mandatory security awareness training upon hire and additional refresher training annually.
- This training includes general information security hygiene such as password management and phishing detection as well as proper handling and identification of sensitive information.
- Raptor developers receive additional training on secure coding techniques and Azure infrastructure security configuration.
Incident Response and Notification
- Raptor maintains a comprehensive Incident Response policy including escalation and communication with impacted stakeholders.
Our Commitment to Transparency and Security
- At Raptor we recognize the impact data security has on the communities we serve.
- We are committed to maintaining transparency and in providing updates about the improvements we make to securing our systems and data.
Security Updates
- In December 2023, Raptor was alerted to a potential security vulnerability related to certain cloud containers that store documents uploaded by Raptor customers, as well as log files used to maintain and service our software platform.
- While this vulnerability could have rendered certain data externally accessible, Raptor has found no evidence of any malicious data exfiltration, or unauthorized distribution, misuse, or acquisition of any potentially affected data. Raptor has conducted a comprehensive web search which has found and continues to find no indication that the data at issue was exposed via a data dump or other malicious access. Raptor previously notified all customers who could have been impacted by this potential for unauthorized access and provided information on all documents that could have been impacted by this issue.
- A third-party forensic examination of the cloud containers was completed in February 2024. In addition to this forensic examination, we engaged a third-party provider to confirm the effectiveness of our previous remediation efforts and to perform comprehensive security configuration and controls assessments to further harden our cloud environment.
- We have also implemented enhanced cloud logging, integrated a security posture management system, and deployed new monitoring and detection technologies, to further safeguard the information in our possession.
- We are resolute in our commitment to security and privacy and will continue to improve and invest in our security programs, controls, third-party expert advice, and personnel.