Nextup is committed to keeping your data private and secure.
What is FERPA?
FERPA is a United States federal law that protects the privacy of students in their educational records from unauthorized disclosure. Rights under FERPA transfer from the parents of a student to the student when the student turns 18 years of age or enrolls in school beyond the high school level at any age. FERPA applies to all academic institutions that receive funds from a Department of Education program.
What are educational records? FERPA classifies educational records as records that directly relate to a student and are maintained by an educational agency, academic institution, or by a party acting for the agency or institution.
Is there a FERPA certification? There are not currently any certification programs approved by the federal government that assess third-party compliance with FERPA. Academic institutions must perform their own assessments to determine whether a third-party product or service affects their compliance.
Here’s how Nextup supports education-sector customers with their FERPA compliance.
- Data Security. We support the latest recommended secure cipher suites and protocols to encrypt Customer Data in transit and at rest. We also perform regular vulnerability scans and application-level penetration tests by independent entities. For more information on our security visit our security center.
- Subprocessor Transparency. We are also transparent about our subprocessors —third-party data processors that help support the delivery of our Services with whom we share Customer Data. View our current list of subprocessors.
- Physical Safeguards. Amazon Web Services (AWS) is our third-party hosting provider. AWS has world-class physical and environmental security, including strictly controlled perimeters, ingress points with video surveillance, on-site security, and two-factor authentication. More on AWS’s physical and environmental security is available here.
Our Security Infrastructure and Certifications
Protecting our customers’ information and their users’ privacy is extremely important to us. As a cloud-based company we’ve set high standards for security. We’ve received security certifications from the American Institute of Certified Public Accountants such as SOC 2 and can be configured for HIPAA compliance.
Nextup has invested in building a robust security team, one that can handle a variety of issues — everything from threat detection to building new tools. In accordance with GDPR requirements around security incident notifications, Nextup will continue to meet its obligations and offer contractual assurances.
If you’d like to learn more about Nextup’s security policies and procedures, please see our security page. It provides detailed information on how we approach security, and includes information on how Nextup ensures user data security in particular, including our technical and organizational measures (TOMs) as well as our encryption standards.
If you would like a copy of our security reports or penetration tests we are happy to provide the details for your teams review.
At Nextup, we are committed to the security and privacy of your data. So we’re glad to comply and help you comply with the FERPA. If you have any questions about your rights under the FERPA as a user or how Nextup can help you with compliance as a Customer, we hope you’ll reach out to us at firstname.lastname@example.org.
Please also visit our Trust Center to learn more about our privacy, security and compliance programs.