Our Data Security Protocols

Last Updated: Jan 28, 2025

Courseflow Inc., also known as Nexus AI, and based in Knoxville, TN, is committed to the data security of our products. This document outlines the security measures and protocols in place to protect the integrity, confidentiality, and availability of user and student data managed by Nexus, a product of Courseflow, Inc.

1. Data Encryption

In Transit: All data transmitted between Nexus clients and servers is encrypted using TLS 1.2 or higher, ensuring that data remains secure and private during transmission. This protects your data as it moves between Microsoft Azure services and users.

At Rest: Data is protected at rest using Transparent Data Encryption (TDE) in Microsoft Azure SQL Database, which encrypts and decrypts databases, associated backups, and transaction log files in real time. Microsoft also provides standard AES-256 encryption for all file storage with Storage Accounts. Both services are protected by a firewall that blocks unauthorized access.

Key Management: Azure Key Vault is used to manage and control sensitive information including client credentials or API keys. This service allows for key rotation, setting permissions, and logging key usage for auditing purposes.

2. Access Controls

Authentication: Nexus enforces strong password policies and utilizes multi-factor authentication (MFA) for accessing any sensitive systems or data repositories. Additionally, Nexus supports single sign-on (SSO) integrations, allowing users to authenticate using existing credentials from trusted providers like Google Workspace and Microsoft Azure Active Directory. This ensures seamless and secure access for organizations leveraging third-party identity providers.

Authorization: Role-based access control (RBAC) is employed to ensure that users are granted access only to data necessary for their role. Access permissions are regularly reviewed and adjusted in response to role changes.

Audit Trails: All access to sensitive data is logged and monitored. Regular audits are conducted to ensure compliance with our security policies and procedures.

3. Network Security

Firewalls

o Azure Firewall: A managed, cloud-based network security service that protects Azure Virtual Network resources. It's a stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

o Application Gateway Web Application Firewall (WAF): Provides centralized, inbound protection against common web vulnerabilities and exploits. It operates at Layer 7 (HTTP/HTTPS layer) and is designed to integrate with Azure's load balancing features.

Network Security Groups (NSGs): NSGs are used to filter network traffic to and from Azure resources in an Azure Virtual Network. They can contain multiple inbound and outbound security rules that enable you to filter traffic by source and destination IP address, port, and protocol.

Virtual Network (VNet) Peering: Securely connects Azure virtual networks to each other. It allows traffic to be routed directly between VNets via Microsoft’s backbone infrastructure, avoiding public Internet exposure.

VPN Gateway: For secure connections from on-prem networks to the Azure environment, Azure VPN Gateway enables encrypted traffic movement. It supports industry-standard protocols like IKEv2 and SSTP.

4. Compliance

Regulatory Compliance: Nexus adheres to the Family Educational Rights and Privacy Act (FERPA) and the Children's Online Privacy Protection Act (COPPA), ensuring that all data handling practices comply with legal standards.

Standards Compliance: Nexus operates in compliance with recognized standards such as ISO 27001, SOC 2, and the Ed-Fi Data Standard V4 and Suite 3. This compliance is maintained through rigorous internal processes and security measures that align with the guidelines set forth by these standards.

5. Incident Response

Detection and Analysis: We utilize advanced monitoring tools to detect anomalies and potential security incidents.

Response and Mitigation: In the event of a security breach, our incident response team is mobilized to contain and mitigate the impact, following a well-defined incident response plan.

Notification: Affected parties are promptly notified in accordance with legal obligations and our commitment to transparency.

6. Data Integrity

Data Accuracy: Nexus implements checks and balances such as checksums and data validation techniques to ensure the accuracy and consistency of stored data.

Backup and Recovery: Regular backups are performed, and data is stored in multiple, geographically dispersed data centers to ensure recoverability in case of disaster.

7. End-user Security

Security Best Practices: Users are educated on best practices for data security, including the creation of strong, unique passwords and recognizing phishing attempts. Nexus also has minimum password requirements based on NIST Authenticator and Verifier Requirements.

Secure Settings: Recommendations are provided for securing user devices and browsers when accessing Nexus.

Conclusion

Courseflow, Inc. is committed to the security of all data entrusted to us by our users and their institutions. We continuously improve our security measures to address emerging threats and ensure that our products remain a safe, reliable platform for educational data management. For questions or concerns about our privacy practices, please contact us at support@asknexus.ai.