Skip to content

Security at IntelliBoard

At IntelliBoard, safeguarding your data is our fundamental duty. We don’t just meet security standards - we engineer them into every layer of our platform. From encryption to zero-trust access, our security model is built to protect your institution’s most sensitive learning analytics.

Our systems are aligned with ISO 27001, NIST 800-53, and FedRAMP Moderate controls. We are SOC 2 Type I compliant with TX-RAMP Provisional Certification (TX1758009, valid through March 10, 2027), with Type II attestation in progress, and our controls are under active review by independent auditors.

We are building and operating to the full requirements - because trust starts with accountability.

Our Security Framework

We protect your data through a layered, zero-trust architecture. Every component - from data ingestion to user access - is authenticated, encrypted, and continuously monitored.

  • Encryption

    All data is protected in transit and at rest using industry-standard protocols and key management practices.

  • Access Controls

    Strict role-based and row-level security ensure users only access data they are authorized to see.

  • Monitoring & Response

    Real-time threat detection and a 15-minute response SLA keep your platform secure and your data safe.

How We Protect Your Data

Encryption & Data Protection

We ensure your data remains private at every stage of its lifecycle.

  • In Transit: All data transfers use TLS 1.3 with perfect forward secrecy.
  • At Rest: Data is encrypted with AES-256 using keys managed in AWS KMS with strict rotation policies.
  • Key Security: Access to cryptographic keys is limited to authorized personnel and audited quarterly.
  • Data Classification: Sensitive data (e.g., student grades) is identified and receives enhanced protection per our Information Security Policy 🔒.
  • Regulatory Alignment: Our practices meet global standards, as outlined in our Privacy Policy.

Our Cryptographic Policy

Our Information Security Policy 🔒 details our full encryption strategy and key management lifecycle.

Access Controls & Identity Management

We enforce strict access policies to prevent unauthorized use.

  • Role-Based Access Control (RBAC): Users (admins, instructors, advisors) access only the data they need.
  • Row-Level Security (RLS): An advisor sees only their students. A dean sees only their school.
  • Multi-Factor Authentication (MFA): Required for all administrative accounts.
  • Session Security: Inactive sessions time out after 15 minutes.
  • Identity Verification: All access requests are logged and audited.

Access Management Policy

Our Access Management Policy 🔒 defines user roles, permissions, and audit requirements.

Monitoring, Detection & Incident Response

We maintain 24/7 vigilance over our systems.

  • Real-Time Surveillance: Our SIEM system detects anomalies (e.g., failed logins, unusual data access) in real time.
  • Threat Detection SLA: Suspicious activity is identified and triaged within 15 minutes.
  • Incident Response: A dedicated team follows a documented process to contain, investigate, and resolve threats.
  • Client Notification: If an incident impacts your data, we notify you within 72 hours via secure channels.
  • Audit Logs: All system and user activity is logged immutably for forensic review.

Transparency in Action: Our Incident Response Policy 🔒 outlines the full lifecycle - from detection to post-incident review.

Security at a Glance

  • Encryption

    TLS 1.3 in transit, AES-256 at rest

  • Access Control

    RBAC + RLS + MFA enforced

  • Threat Detection

    <15 minutes from detection to triage

  • Breach Notification

    <72 hours to affected clients

  • Compliance Alignment

    ISO 27001, NIST 800-53, FedRAMP, SOC 2

  • Uptime SLA

    99.9% - backed by our Business Continuity Policy 🔒

  • HECVAT Ready

    HECVAT🔒 submission available through formal request process

Your Role in Security

Security is a shared responsibility. While we protect the platform, your team can strengthen security by:

  • Using strong, unique API credentials
  • Enabling SSO and MFA for your LMS
  • Reporting suspicious activity to privacy@intelliboard.net

For secure integration guides, visit our Knowledge Base.

Have questions or need a copy of our security policies? Contact us at privacy@intelliboard.net.