We are sensitive to all security and privacy concerns. In fact, security and privacy are our top priorities in providing our services to thousands of school districts throughout the United States. We are often asked if our service is subject to any federal privacy laws. Keep reading to learn how federal privacy laws apply to FinalForms.
Security and compliance are shared responsibilities between AWS, FinalForms, and the School District (Customer). This model helps relieve FinalForms’ operational burden, as AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. In turn, FinalForms is responsible for and manages the operating system (including updates and security patches) and other associated application software, as well as the configuration of the AWS-provided security group firewall. As shown in the chart below, this differentiation of responsibility is commonly referred to as Security “of” the Cloud versus Security “in” the Cloud. FinalForms carefully considers the services provisioned, as responsibilities vary depending on the nature of the services, the integration of those services into the IT environment, and applicable laws and regulations. The Shared Responsibility Model is designed to provide FinalForms with flexibility and control over technology and the School District with flexibility and control over authorized user access.
There is no FERPA certification for a service provider such as FinalForms. In order to meet the FERPA requirements applicable to our operating model, FinalForms aligns our FERPA risk management program, detailed below.
At FinalForms, we prioritize the security and privacy of student data. Our platform is designed to comply with federal regulations, including FERPA, ensuring that personally identifiable information (PII) is protected.
We host our services on Amazon Web Services (AWS), utilizing their advanced security features and military-grade physical controls to safeguard data. All data transmitted through our platform is encrypted using HTTPS, and sensitive information is further encrypted at rest. Access to data is strictly controlled: only authorized personnel who have undergone comprehensive background checks are permitted to handle student information.
FinalForms does not collect, maintain, use, or share PII beyond what is necessary for purposes authorized by the school district or the user. We do not sell or disclose PII for behavioral targeting of advertisements. Our internal privacy policies ensure the highest level of security when handling client information.
Military Grade Physical Controls + Enterprise Grade Security = Peace of Mind
Audited for accuracy as of May 2023.
FinalForms is hosted in its entirety on our infrastructure on Amazon Web Services (AWS) EC2 and S3. We chose AWS specifically because of its scale, redundancy, and emphasis on data privacy and security.
The Amazon Web Services infrastructure is designed and managed according to the highest standards for security and data protection, including SOC 1, 2, 3, PCI DSS Level 1, ISO 27001, FIPS 140-2, and more, as well as military-grade physical controls. Enterprise-grade security ensures data stays secure with SSL encryption. To provide continuous availability, FinalForms is deployed across multiple data centers. Every piece of data is automatically copied to multiple locations for redundancy, ensuring data is always available.
Our technology partnership with Amazon Web Services enables us to meet our commitment to securing customer data.
Frequently, FinalForms is used to store sensitive student health and demographic information on behalf of various school systems. Knowing this from the outset, we thoroughly researched and rigorously vetted a rock-solid solution that meets national educational industry standards.
This document details the steps we've taken at each layer to meet medical information standards and a multitude of other regulatory programs.