Jump to top

Privacy, Security Policies & Terms

! Updated 2011-09-28

Privacy and Non-disclosure Policy

Concerning non-disclosure and protection of intellectual property rights:

Each client and Chalk & Wire Learning Assessment Inc. affirms and will take appropriate steps to protect the intellectual property rights of the other. Specifically, the institution retains all intellectual property rights in all information, materials, and intellectual property, including but not limited to courses and materials, provided by the user or institution to Chalk & Wire, and Chalk & Wire retains all intellectual property rights in the ePortfolio2 system, including ePortfolio2™ software and hardware and computer code.

The user or institution (its employees and/or relatives thereof) acknowledges the proprietary rights of Chalk & Wire regarding the research and development of Chalk & Wire software tools. Officials of the institution or its designees, may discuss and access products for the purposes of testing and providing feedback to Chalk & Wire about new features and enhancement. They are prohibited from revealing the work of Chalk & Wire software research and development in any manner with any entity that might reasonably be expected to develop similar software for either commercial or non-commercial purposes.

FERPA/PIPEDA/The Privacy Act & other prevailing privacy legislation

Chalk & Wire understands that the institution is subject to either FERPA (USA- Family Educational Rights and Privacy Act), or PIPEDA (Canada- Personal Information Protection and Electronic Documents Act, and The Privacy Act), or The Privacy Act (Australia) or any other prevailing State/Provincial or Federal/national privacy legislation. Chalk & Wire abides by all applicable legal regulations of these Acts in force in the nation wherein the client/institution resides. Specifically, where institutions are concerned , Chalk & Wire is considered an official of the institution as regards the protection of user and institutional data. As an official of the institution, Chalk & Wire must protect the privacy all user data provided by the institution/users and shall not transmit, share, or disclose any data about a end users without their written consent, except to other officials of the institution with a legitimate interest (i.e., the institutional official must seek the information within the context of his/her professionally assigned responsibilities with the institution and the information must be used within the context of official business of the institution).

Primus Canada (International Class 1 ISP)/Chalk & Wire Access to data

Primus employees cannot access institution data. They are not granted permission to the file servers’ directories. Permissions are limited to the Chalk & Wire System Administrator account and the individual process accounts for the application (i.e. each institution’s process account only has permissions to its name space on the SAN filer and cannot access other clients’ data. Primus does not have permissions to access the database instance. They are responsible for 24/7 monitoring, “remote hand” only and their user permissions reflect that.

C&W employees’ access: This is limited to four people based on their job requirements
  1. Lead developer: access to the data in a specific database only if requested to resolve a specific issue with that institution’s installation. The Lead developer does not have direct access to the production environment.
  2. Senior Database developer: access to the data in a specific database only if requested to resolve a specific issue with that institution’s installation. The Database developer does not have direct access to the production environment.
  3. Director of Client Support & Services: no access to server files structure or backside database, but to assessment data and portfolio data as seen by the institution’s local administrators. Access this data only if requested by the client. Functional/feature based access to the production environment (the code base that users actually work from).
  4. Chief Technical Officer: This person is also the system administrator and handles the deployment of code, server patching and disaster recovery. The CTO has full access to the production environment in all respects.

Last revised September 15, 2009.

Application and Security Overview

Overview
  • Chalk and Wires E-Portfolio application is built using Microsoft ASP.NET 2.0.
  • Database backend has been designed around the Microsoft SQL 2005 platform.
  • File storage options are flexible and allow local disk (includes iSCSI), remote UNC shares, NAS or SAN devices.
Hosting Requirements
  • Web Servers:
    • IIS 6.0+
    • ASP.NET 2.0

  • Database Server:

    • MS-SQL 2005

  • ASP.NET 2.0 Session State database

  • Client Database Instances

  • File Storage:

    • Local (RAID1/RAID5) or Remote SAN/NAS device

Disaster Recovery
  • Disaster Recovery details:
    • MS-SQL 2005 replication
      • EMC Replistor is used to copy the database files over to the redundant fail over server in real time using bit level replication

    • File Servers replication

      • Primary SAN Device replicates to fail over DR SAN device using native volume level replication (volume mirroring) in real time.

Security Overview
  • Application isolation
  • Each instance of the application is run under a unique security account. Application pools for each instance isolated by the security account(worker process isolation mode)
  • Database permissions are limited to unique process account (i.e. instance A does not have permissions to access instance B database)
  • File system permissions limit each instance ACL to their specific namespace.
  • Application input sanitized against SQL Injection (re: Object Model).
  • Cisco ASA-5505 firewall
  • Cisco Local Director Load Balancer
  • SSL Certificates encrypt traffic between client/server
  • Security patches applied monthly in regular scheduled maintenance.
  • 3rd party 24/7 monitoring of server application processes and firewall intrusion attempts with 30 minute SLA
  • DR failover testing performed every 6 months. DR documentation policies stored off-site.
  • Monthly rotational off-site storage of production data
  • Data Centre

Primus Ottawa Data Centre
  • State-of-art security
    • Biometric security enforced through an iris scanner offers one of the most accurate, non-invasive security measures to ensure only authorized people enter the facility
    • Guarded entrances have security cameras to scan and digitally record the interior and exterior of the facility 24 hours a day
    • Security cameras incorporate low-light technology to allow clear visibility at night

  • UPS systems and a high capacity generator

    • Multiple 650 Kilowatt diesel generators that holds enough fuel for 24 hours of runtime at 100% capacity
    • Generators are housed in a separate secure underground sound insulated bunker
    • In the event of a power failure, the generator requires only five seconds to start and reach maximum generating capacity
    • All equipment in the Internet Data Centre server room is powered from UPS systems designed with redundant NuWave modular UPS to ensure the equipment continues to operate in the event of a power failure

  • The Network Operation Centre (NOC)

    • Consists of groups of trained experts, who staff the data centre 24 hours a day and are able to identify and fix problems quickly
    • Staff monitor the network and provide support for managed server and firewall services for clients
    • Staff use remote hands assistance, including rebooting servers or rotating tapes, and assist clients through the data centre

  • Redundant Cooling System

    • The server room has tonnes of redundant cooling delivered by Liebert systems, each unit with redundant compressors and AC units that are computer controlled to maintain temperature and humidity in the facility

  • Fire Suppression System

    • Fire suppression capabilities are executed through FM-200 gas that extinguishes fire without water, to ensure no water damage to the IDC’s equipment
    • The back-up sprinkler system is installed and operates as a pre-action system, keeping pressurized air in the pipes
    • The air is only replaced with water when the pipes reach a high temperature and the smoke detection system determines there is an active fire due to smoke.

Terms of Use !

General Users’ Terms (Rev. 09.28.2011)