Security and Compliance

Effective Date: 12.08.2025 • Last Updated: March 2, 2026

1. Security Program Overview

EquiOps is operated by VenturePath Enterprises LLC, registered in Missouri. We maintain a risk-based security program focused on confidentiality, integrity, and availability for district operations data.

2. Governance and Accountability

Security responsibilities are assigned across engineering and operations functions. We review controls, incident learnings, and platform risks regularly to improve security posture over time.

3. Data Protection Controls

  • Role-based access controls and least-privilege principles.
  • Encrypted transport channels for in-transit communications.
  • Protected data-at-rest mechanisms and controlled key practices.
  • Segmentation between production and non-production environments.
  • Centralized logging for privileged and sensitive operations.

4. Identity and Access Management

Access is granted based on business need and reviewed on a recurring basis. Access is revoked or adjusted promptly when role scope changes or access is no longer required.

5. Secure Development Lifecycle

Engineering workflows include peer review, dependency hygiene, environment-specific testing, and controlled deployments to reduce release risk and improve reliability.

6. Monitoring and Detection

Operational telemetry and security-relevant logs are used to detect anomalous behavior, investigate events, and support incident response workflows.

7. Vulnerability and Change Management

We prioritize remediation according to risk and operational impact. Changes to production systems are reviewed and managed through standard release controls.

8. Vendor and Subprocessor Security

Service providers that process data on our behalf are subject to contractual security and confidentiality obligations aligned with service risk and data sensitivity.

9. FERPA and School Data Context

EquiOps is designed for FERPA-aligned district operations. Districts determine authorized use and data scope, and EquiOps processes data under contractual instructions.

10. Incident Response and Notification

EquiOps maintains incident response procedures covering detection, triage, containment, recovery, and post-incident review. Where required by law or contract, impacted districts are notified without undue delay.

11. Resilience and Recovery

Platform operations include backup and recovery practices intended to support business continuity and restoration of critical functionality after disruption.

12. Security Contact

Security inquiries can be sent to security@equiops.org.

13. Informational Notice

This page is provided for general informational purposes and does not constitute legal advice.