5min read

Rosalyn’s Commitment to Trust

We take security and privacy matters seriously and have taken measures to protect our customers' data at all times. Our commitment to  data protection and care for privacy is reflected in how we design our products, how we implement operational security practices and the technology choices we make.

Security of cloud datacenters

For cloud infrastructure controls implementation and verification we leverage a host of AWS security services. AWS SOC Compliance information can be found here . In addition to SOC, AWS ISO and CSA STAR certifications can be reference here:

Security for computing

Rosalyn's security model is based on the NIST Cybersecurity Framework (CSF) and SOC 2 Criteria of Security and Confidentiality, with additional controls for compliance with international privacy laws and regulations (EU GDPR, California CCPA, Illinois BIPA, etc.). For the higher education market, Rosalyn specifically targets the HECVAT standard. Rosalyn intends to implement an SOC2 Type 2 audit in 2023

For cloud infrastructure controls implementation and verification we leverage a host of AWS security services. 

The target security standards used to track progress are

  • Center for Internet Security (CIS) AWS Foundations Benchmark standard
  • AWS Foundational Security Best Practices

For penetration testing of components deployed into production, Rosalyn works with penetration testing specialist vendors.

Risk Assessments are carried out inside Rosalyn and implementation of mitigations are planned as part of sprints.

Data Security

All data in production systems inside Rosalyn are also encrypted in flight and at rest using industry standard algorithms such as AES-256 or protocols such as HTTPS, TLS and SSH. All access to production data is logged. For all cloud resources Rosalyn leverages identity and access management for defining user access and policies for fine-grained user and systems access control across all of our hosting systems. All hosting systems are separated by account level access barriers for further layers of security.  Rosalyn also provides additional controls and governance capabilities, to further protect our customers' users and data.

Special consideration is given to Personally Identifiable Information (PII). All PII data flows are mapped out throughout development of our systems and clearly documented and understood throughout the organization. Lifecycles for all data, including PII is defined and maintained through established processes in order to comply with applicable regulations including GDPR.

Endpoint Security

Corporate desktops and laptops are managed by enterprise device management and endpoint protection software.

Business Continuity and Disaster Recovery

All of Rosalyn's software services are available 24 / 7.

All data stores inside Rosalyn are backed up on a continuous basis. Our main database offers global deployment over multiple regions and disaster recovery from region-wide outages. It uses storage-based replication with typical latency of less than 1 second, using dedicated infrastructure that leaves our database fully available to serve application workloads. In the event of a regional degradation or outage, one of the secondary regions can be promoted to read and write capabilities in less than 1 minute.

We currently target a Recovery Time Objective and Recovery Point Objective of under two hours with the goal of reducing this further in Q3 2022.

In accordance with Rosalyn's Business Continuity Policy, the Business Continuity Plan, testing, and procedures are updated and performed annually.

Security Software Development Lifecycle Standard

Through our platform's planning, development, and release processes, security practices are incorporated into the Rosalyn’s Software Development Lifecycle.

Vulnerability Prevention

Our Security Development Lifecycle follows OWASP guidelines.We contract with industry-leading penetration testing providers to examine our production architecture annually.

SSO

In order to provide SSO by any number of Identity Providers (IdPs), Rosalyn supports federated access via SAML 2.0.

Personnel Security

Rosalyn's security begins with its employees. Rosalyn implements security controls for its employees and contractors before, during, and after their tenure. Controls include security and privacy training and automated deprovisioning of logical and physical access to Rosalyn resources. Select Rosalyn staff also continuously receive advanced Cybersecurity Awareness Training in collaboration with select training partners.

Data Privacy

Our customers' privacy is important to us, and we take it very seriously. We do not sell, share, or export your data to third parties we gather from the use of our platform. As stated in your customer agreement, we only provide data to our sub-processors for use in processing your data. We do not process biometric information, and are compliant with GDPR, and BIPA regulations

Data Recovery

We regularly back up your data and target a RTO and RPO of 2 hours.

Data Deletion

Users, videos, and other data can be deleted directly from our Compliance Request service. Within X days of terminating a relationship with Rosalyn, all customer data will be removed from our systems.

Data Retention

Rosalyn video and audio recordings are retained according to company policies, with flexible configurations based on how long recordings should be kept before being deleted.

EU Datacenter

Rosalyn supports customers with organizational requirements around data residency, requiring EU citizen data to reside in the EU.

Third-party audits attest and certify Rosalyn's security, data privacy, and compliance controls to help meet customers' legal, regulatory, and organizational policy requirements. Biometric information is not processed by us

See also:

This comprehensive guide explores the evolution of proctoring services, delving into the intricacies and comparisons of different AI proctoring models to provide education leaders with the insights needed to make informed decisions and uphold academic integrity.

Read More
Marketing

As artificial intelligence (AI) takes the center stage across countless industries, it brings along its own suite of misconceptions. This is especially evident in the realm of remote exam proctoring – a field accelerated by COVID-19 – where misconceptions of transformative technologies sow doubts and hinder the adoption of genuinely transformative tools.

Read More
Business

Welcome to the future of cheating, where AI isn't just an ally but an accomplice. In CheatCode 2.0, we're delving into the unexpected frontier of academic dishonesty—where the machines that are programmed to help us learn can also be hijacked to game the system. Get ready for a journey through the intricate maze of ethical dilemmas and technological advancements, as we unravel why AI might be the newest threat to academic integrity and what Rosalyn.ai is doing to level the playing field

Read More
User friendly proctoring platform for your students and faculty.
hello@rosalyn.ai
How It WorksTrustSupportBlogEnd User Terms of Use
Privacy Policy
Informed ConsentStudent Experience
BIPA Compliance
TrustScore 4.0
Copyright © 2022 Rosalyn.ai
Cookie Consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

deny icon
Deny
allow icon
Accept
deny icon
Deny