Uncompromising Data Security & Compliance

The safety of students is your top priority, and protecting their information online is ours. Rank One is an industry leader in data security and top tier compliance to make sure that sensitive student forms, documents, and information are stored and sent safely.

Compliance at every level

Rank One Data Security Overview

Standards

SOC 2 Compliant

Our platform is SOC 2 compliant, with audits conducted via AWS. SOC 2 standards ensure our commitment to:

  • Security: Protection against unauthorized access
  • Availability: Reliable system uptime and accessibility
  • Processing Integrity: Accurate and consistent data processing
  • Confidentiality: Protection of sensitive customer information
  • Privacy: Responsible handling of personal data

Auditing & Proven Practices

  • Rigorous Auditing: Regular reviews to identify and address risks
  • Industry-Specific Compliance: Alignment with sector best practices and regulatory requirements
  • Proven Track Record: Continuous monitoring and compliance verification
  • User-Centric Design: Security integrated seamlessly into user experience

Reference Links

SOC 2 Compliance Overview - AWS
SOC 2 Trust Service Criteria

Encryption

Data in Transit

All data exchanged between user devices and our servers is encrypted using TLS 1.2/1.3, ensuring secure communication.

Data at Rest

Stored data is protected with AES-256 encryption, one of the strongest standards for safeguarding sensitive information.


Data Centers & Infrastructure

Hosting

All data is hosted in AWS data centers located in the United States, providing reliable performance, redundancy, and regulatory compliance.

Backups & Disaster Recovery

  • Daily Backups: Automatic daily snapshots of all critical data
  • Disaster Recovery Plan: Comprehensive procedure for restoring systems and data in the event of a failure or outage

Access Controls

We implement strict access controls to minimize risk:

  • Passkeys & Multi-Factor Authentication (MFA) for user and admin access
  • Least-Privilege Access: Users and employees are granted only the permissions necessary to perform their roles

Compliance

We adhere to multiple federal privacy and educational standards:

  • HIPAA - Safeguards protected health information (PHI) in healthcare contexts.
  • FERPA - Maintains student privacy, legal compliance, and transparency in educational institutions.
  • PPRA - Ensures responsible collection and use of student information, giving parents and schools control over sensitive data.
  • TX-RAMP - Demonstrates compliance with Texas state security standards for cloud-based services, ensuring that our platform meets rigorous risk and control requirements for government and educational use.
  • PCI DSS - Validates that our payment architecture fully outsources card processing to PCI-compliant providers. Rank One does not store, process, or transmit cardholder data, meeting the lowest-scope PCI requirements while maintaining industry-standard security for payment transactions.

Reference Links:

HIPAA Compliance Overview
FERPA Guidance - U.S. Department of Education
PPRA Overview
TX-RAMP Overview
PCI DSS Overview

Accessibility

Our platform is designed to be accessible to all users, including those with disabilities:

  • WCAG & ADA Level AA Compliance: Ensures readable text, screen reader compatibility, and clear navigation

Reference Links:

WCAG Guidelines
ADA Standards for Accessible Design

Security Testing

Penetration Testing & Vulnerability Scanning

  • Regular internal and external tests identify potential vulnerabilities
  • Automated vulnerability scanning is performed continuously to maintain system integrity

Thank you for your trust