Security Policy


Genius Factor Academy, LLC
Effective Date: September 1, 2025
Last Updated: September 1, 2025

 

Our Security Commitment
Genius Factor Academy maintains the highest standards of information security to protect
student data, educational records, and personal information. Our comprehensive security
program ensures the confidentiality, integrity, and availability of all data entrusted to us by the
educational community.

 

Security Framework
Our security program aligns with industry standards including:
- NIST Cybersecurity Framework - Comprehensive cybersecurity approach
- FERPA Security Requirements - Educational data protection standards
- SOC 2 Type II - Annual third-party security audits
- State Education Privacy Laws - Compliance with state-specific requirements

 

Technical Security Measures
Data Protection
- Encryption: All data encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Access Controls: Role-based access with multi-factor authentication
- Network Security: Firewalls, intrusion detection, and network segmentation
- Secure Development: Security testing throughout software development lifecycle


Infrastructure Security
- Data Centers: Industry-leading physical security and environmental controls
- Cloud Security: Enterprise-grade cloud infrastructure with redundant systems
- Monitoring: 24/7 security monitoring and threat detection
- Backup Systems: Encrypted backups with tested recovery procedures

 

Application Security

- Vulnerability Management: Regular security assessments and penetration testing
- Secure Coding: Security reviews and automated vulnerability scanning
- Session Management: Secure authentication and session controls
- Input Validation: Protection against common web application attacks

Administrative Security Measures
Personnel Security
- Background Checks: Security screening for all employees with data access
- Security Training: Comprehensive privacy and security training programs
- Access Management: Principle of least privilege with regular access reviews
- Confidentiality Agreements: All staff sign confidentiality and security agreements


Policy and Governance
- Security Policies: Comprehensive policies governing all security aspects
- Incident Response: 24/7 incident response team and procedures
- Compliance Monitoring: Regular audits and compliance assessments
- Vendor Management: Security requirements for all third-party providers

 

Data Governance
- Data Classification: Clear categorization of information sensitivity levels
- Handling Procedures: Specific protocols for different types of data
- Retention Policies: Secure data retention and deletion procedures
- Privacy Controls: Integration of privacy requirements into security measures

 

Physical Security Measures
Facility Protection
- Access Controls: Multi-factor authentication for facility access
- Surveillance: Comprehensive monitoring of all critical areas
- Environmental Controls: Climate control and fire suppression systems
- Visitor Management: Escort requirements and access logging

Equipment Security
- Asset Management: Complete inventory and tracking of all equipment
- Secure Disposal: Certified destruction of storage media
- Mobile Device Security: Encryption and remote wipe capabilities
- Workstation Security: Automatic screen locks and clean desk policies

Incident Response and Recovery
Security Incident Management
- Detection: Automated monitoring and alert systems
- Response Team: Dedicated incident response professionals
- Investigation: Forensic capabilities for security incident analysis
- Communication: Clear notification procedures for affected parties

 

Business Continuity
- Disaster Recovery: Tested procedures for system recovery
- Backup Operations: Alternative processing capabilities
- Communication Plans: Stakeholder notification during incidents
- Recovery Testing: Regular testing of continuity procedures

 

Compliance and Auditing
Regular Assessments
- Internal Audits: Quarterly security control assessments
- External Audits: Annual SOC 2 Type II audits by certified firms
- Penetration Testing: Regular testing by qualified security professionals
- Vulnerability Scanning: Continuous automated security scanning

 

Compliance Monitoring
- FERPA Compliance: Regular assessment of educational data protection
- COPPA Compliance: Monitoring of children's privacy protection measures
- State Law Compliance: Tracking of state-specific privacy requirements
- Industry Standards: Alignment with educational technology best practices

 

Data Breach Response
Immediate Response
- Containment: Immediate steps to stop unauthorized access
- Assessment: Rapid evaluation of breach scope and impact
- Notification: Timely notification of affected parties as required by law
- Remediation: Corrective actions to prevent future incidents

 

Legal Compliance
- Regulatory Notification: Compliance with federal and state breach notification laws
- Documentation: Comprehensive incident documentation and reporting
- Cooperation: Full cooperation with law enforcement and regulatory investigations
- Transparency: Clear communication with affected educational institutions


User Security Responsibilities
Educational Institutions
- Implement strong password policies for user accounts
- Provide security awareness training to staff and students
- Report suspected security incidents immediately
- Maintain current contact information for security notifications

 

Individual Users
- Use strong, unique passwords for platform access
- Report suspicious activities or potential security issues
- Follow institutional policies for technology use
- Protect account credentials and never share login information

 

Security Certifications and Standards

Current Certifications
- SOC 2 Type II - Security, availability, and confidentiality controls
- ISO 27001 - Information security management systems
- NIST Compliance - Cybersecurity framework implementation
- Cloud Security Alliance - Cloud security best practices

 

Ongoing Assessments
- Annual third-party security audits
- Quarterly internal security reviews
- Continuous vulnerability assessments
- Regular compliance monitoring

 

Continuous Improvement
Security Enhancement
- Threat Intelligence: Monitoring of emerging security threats
- Technology Updates: Regular updates to security technologies
- Process Improvement: Continuous refinement of security procedures
- Training Programs: Ongoing security education for all personnel

 

Performance Monitoring
- Security Metrics: Regular measurement of security program effectiveness
- Incident Analysis: Learning from security events to improve defenses
- Stakeholder Feedback: Input from educational institutions on security needs
- Industry Collaboration: Participation in education security communities

 

Contact Information
For security questions or to report security incidents:
ATTN: Chief Information/Security Officer
Genius Factor Academy
Email: info@geniusfactoracademy.com

 

Security Incident Reporting:
- Email: info@geniusfactoracademy.com
- Available 24/7 for critical security issues
- Response within 1 hour for high-priority incidents
