Information security and data protection are integral parts of our core beliefs. We have dedicated security and compliance teams who are committed to keeping your information safe and secure. Lightspeed Systems employs strict policies and procedures to ensure the availability, integrity, and confidentiality of customer data.
We know you rely on Lightspeed Systems solutions to do amazing things, so we continuously monitor our services internally and through 3rd-party services. Find interruptions in services, updates, and maintenance announcements here.
Lightspeed Systems understands the need to safeguard the personal and confidential data of our customers, employees, and partners. Privacy and security is our responsibility, and we provide innovative solutions that enhance, rather than compromise, data privacy and security.
Since 1999, Lightspeed Systems has been partnering with schools around the world to protect students and make learning adaptable to the ever-changing technological landscape. The nature of our business requires us to comply with the various student data privacy laws to ensure student data is safeguarded.
Lightspeed Systems provides hosted services including mobile device management, web filtering, app analytics, and classroom management for schools. Our services are available at least 99.5% of the time, with servers being continuously monitored for performance and availability.
All Lightspeed Systems employees undergo background checks and sign a non-disclosure agreement before hire.
We have a written Incident Response Plan which details the processes for detecting, reporting, identifying, analyzing, and responding to Security Incidents impacting Lightspeed Systems networks and Customer Data.
If we learn of a data breach, we will follow our Incident Response Plan and notify our customers without undue delay.
Upon hire and on an ongoing basis, all employees are required to undertake privacy and security training, which covers privacy practices and the principles that apply to employee handling of personal information, including the need to place limitations on using, accessing, sharing and retaining personal information.
We provide employees with training on the specific aspects of security that their roles require. For example, the product development team undergoes privacy by design and secure software development training. Employees are also subjected to regular phishing emails.
Lightspeed Systems may use sub-processors to perform services. Sub-processors are entitled to access customer data only as needed to perform the Services and shall be bound by written agreements that require them to provide the strict levels of data protection required by Lightspeed and applicable regulations. Here is a list of our subprocessors.
Pre-engagement and ongoing vendor assessments are conducted to ensure proper data privacy and security practices are in place throughout the vendor relationship.
Lightspeed Systems reviews its systems against the CIS Controls and NIST Frameworks, and any identified risks or gaps are addressed accordingly.
We have a designated Data Governance team that holds quarterly meetings to ensure data integrity.
The following policy documents have been instituted and implemented across the organization: Security Policy, Incident Response Plan, Vulnerability Remediation Policy, Patch Policy, IT Standards Policy, Data Classification Policy, Data Deletion Policy, Vendor Assessment Policy, Vendor Security Standards Verification Procedure, Password Policy, Clean Desk Policy, Building Access Policy and PIA & DPIA Procedure.
Data is encrypted in transit and at rest.
Lightspeed Systems has implemented a Data Retention Policy. Where appropriate, our solutions utilize automated rules to purge data according to policy.
We perform regular backups of data and systems. Backup intervals are dependent on the type of data and range from minutes to once per day.
Lightspeed Systems has a Vulnerability Remediation Policy to identify and remediate vulnerabilities according to the risk they present. We utilize patch management software to monitor systems and ensure patches are implemented.
Lightspeed Systems has in place anti-malware and anti-spam solutions to protect servers and workstations.
Lightspeed Systems has deployed logging and monitoring solutions to identify and investigate possible security events.
Access to personal information is limited through login credentials to those employees who require it to perform their job functions. In addition, Lightspeed Systems utilizes access controls such as Multi-Factor Authentication, Single Sign-On, least privilege and access on an as-needed basis, strong password controls, and restricted access to administrative accounts.
Our solutions allow customers to create ‘Admin’ roles that provide only the rights needed to perform the required functions.
Lightspeed Systems maintains the following controls designed to prevent unauthorized access to our offices:
All data centers where data is processed and stored are located in the United States and hold SOC 2, HIPAA, PCI DSS and ISO 27001 certifications. Lightspeed has a process in place to log, monitor, and respond to events and anomalies in its systems and solutions. Data backup and recovery solutions are also in place.
Lightspeed Systems practices security by design. We utilize a Secure Software Development Lifecycle based on the OWASP methodologies.
COPPA applies to the online collection of personal information by persons or entities under U.S. jurisdiction about children under 13 years of age. Parental consent is required for the collection or use of any personal information of the users.
We meet the following COPPA guidelines listed below and agree to:
The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
Education Law § 2-d went into effect in April 2014. The focus of the statute was to foster privacy and security of personally identifiable information (PII) of students and certain PII related to classroom teachers and principals.
Lightspeed Systems complies with the NY ED Law 2-D and the Parents Bill of Rights, which requires the following:
The Student Privacy Pledge is a public and legally enforceable statement by ed tech companies to safeguard student privacy, built around commitments regarding the collection, maintenance, and use of student personal information.
The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at [email protected]
GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring as “invalid” the European Commission’s Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield. As a result of that decision, the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States. That decision does not relieve participants in the EU-U.S. Privacy Shield of their obligations under the EU-U.S. Privacy Shield Framework.
The Office of Foreign Assets Control (“OFAC”) of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States.
Lightspeed Systems employees receive annual OFAC awareness training to ensure compliance.
| Entity Name | Subprocessing Activities | Entity Location (HQ) |
| --- | --- | --- |
| Amazon Web Services, Inc. | Application Hosting & Storage | United States |
| LightEdge | Data Center | United States |
| Microsoft Corporation (Microsoft Azure) | Application Hosting & Storage | United States |