Skip to content

Security at IntelliBoard

At IntelliBoard, safeguarding your data is our fundamental duty. We don’t just meet security standards - we engineer them into every layer of our platform. From encryption to zero-trust access, our security model is built to protect your institution’s most sensitive learning analytics.

Our systems are aligned with ISO 27001, NIST 800-53, and FedRAMP Moderate controls. We are SOC 2 Type I compliant, with Type II attestation in progress, and our controls are under active review by independent auditors.

We are building and operating to the full requirements - because trust starts with accountability.

Our Security Framework

We protect your data through a layered, zero-trust architecture. Every component - from data ingestion to user access - is authenticated, encrypted, and continuously monitored.

  • Encryption

    All data is protected in transit and at rest using industry-standard protocols and key management practices.

  • Access Controls

    Strict role-based and row-level security ensure users only access data they are authorized to see.

  • Monitoring & Response

    Real-time threat detection and a 15-minute response SLA keep your platform secure and your data safe.

How We Protect Your Data

Encryption & Data Protection

We ensure your data remains private at every stage of its lifecycle.

  • In Transit: All data transfers use TLS 1.3 with perfect forward secrecy.
  • At Rest: Data is encrypted with AES-256 using keys managed in AWS KMS with strict rotation policies.
  • Key Security: Access to cryptographic keys is limited to authorized personnel and audited quarterly.
  • Data Classification: Sensitive data (e.g., student grades) is identified and receives enhanced protection per our Information Security Policy 🔒.
  • Regulatory Alignment: Our practices meet global standards, as outlined in our Privacy Policy.

Our Cryptographic Policy

Our Information Security Policy 🔒 details our full encryption strategy and key management lifecycle.

Access Controls & Identity Management

We enforce strict access policies to prevent unauthorized use.

  • Role-Based Access Control (RBAC): Users (admins, instructors, advisors) access only the data they need.
  • Row-Level Security (RLS): An advisor sees only their students. A dean sees only their school.
  • Multi-Factor Authentication (MFA): Required for all administrative accounts.
  • Session Security: Inactive sessions time out after 15 minutes.
  • Identity Verification: All access requests are logged and audited.

Access Management Policy

Our Access Management Policy 🔒 defines user roles, permissions, and audit requirements.

Monitoring, Detection & Incident Response

We maintain 24/7 vigilance over our systems.

  • Real-Time Surveillance: Our SIEM system detects anomalies (e.g., failed logins, unusual data access) in real time.
  • Threat Detection SLA: Suspicious activity is identified and triaged within 15 minutes.
  • Incident Response: A dedicated team follows a documented process to contain, investigate, and resolve threats.
  • Client Notification: If an incident impacts your data, we notify you within 72 hours via secure channels.
  • Audit Logs: All system and user activity is logged immutably for forensic review.

Transparency in Action: Our Incident Response Policy 🔒 outlines the full lifecycle - from detection to post-incident review.

Security at a Glance

  • Encryption

    TLS 1.3 in transit, AES-256 at rest

  • Access Control

    RBAC + RLS + MFA enforced

  • Threat Detection

    <15 minutes from detection to triage

  • Breach Notification

    <72 hours to affected clients

  • Compliance Alignment

    ISO 27001, NIST 800-53, FedRAMP, SOC 2

  • Uptime SLA

    99.9% - backed by our Business Continuity Policy 🔒

  • HECVAT Ready

    HECVAT🔒 submission available through formal request process

Your Role in Security

Security is a shared responsibility. While we protect the platform, your team can strengthen security by:

  • Using strong, unique API credentials
  • Enabling SSO and MFA for your LMS
  • Reporting suspicious activity to privacy@intelliboard.net

For secure integration guides, visit our Knowledge Base.

Have questions or need a copy of our security policies? Contact us at privacy@intelliboard.net.