Security and Compliance

1. Our commitment

EquiOps treats district trust as foundational and designs controls to protect confidentiality, integrity, and availability of district data.

2. Data protection controls

• Encryption in transit using modern TLS standards.
• Encrypted storage for data at rest.
• Least-privilege and role-based access control.
• Centralized logging and monitoring of privileged access.
• Environment isolation between production and non-production systems.

3. FERPA awareness

EquiOps supports FERPA-aligned district operations. Districts control what data is shared, and EquiOps processes data only under district authorization.

4. Identity and access management

Access to customer data is restricted to authorized personnel with business need, reviewed periodically, and revoked promptly when no longer required.

5. Secure development and change management

We use code review, dependency management, environment-specific testing, and monitored deployments to reduce release risk and improve service integrity.

6. Incident response

EquiOps maintains incident response procedures for detection, escalation, containment, recovery, and customer notification where required by law or contract.

7. Retention and deletion

Districts retain ownership of submitted data. On termination, district data may be returned or securely deleted according to contractual terms.

8. Business continuity

Services are designed for resilience with backup and recovery capabilities, and procedures to restore critical functions after disruption.

9. Compliance posture and contact

EquiOps is built for FERPA-aligned district operations and supports district governance obligations through contractual commitments in our DPA and service agreements. Security inquiries can be sent to security@equiops.org.