Security

Invite Education takes its responsibility of protecting client data seriously. We have developed a comprehensive security policy to create effective administrative, technical, and physical safeguards for the protection of Personal Information (defined below) and to comply with Invite Education’s obligations under applicable federal, state and local regulations (the “Regulations”).

Have a question or feedback? Reach us at security@inviteeducation.com.

  1. Architecture

    Invite Education does not host its own servers and runs all services in the cloud. Our infrastructure is built upon AWS Virtual Private Cloud (VPC)'s fault-tolerant network for optimal security and availability. AWS continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. AWS’s data center operations have been accredited under multiple security guidelines like: ISO 27001 SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, and FISMA Moderate Sarbanes-Oxley (SOX). For more information, you can read about their practices here.

    Invite Education’s architecture consists of numerous security zones. We use an AWS Virtual Private Cloud (VPC) with no public IP addresses, a firewall to monitor external network traffic, and an intrusion detection system (IPS). Invite Education also utilizes a service for protecting its infrastructure against scanners, bots, and targeted attacks.

  2. Business continuity and disaster recovery

    Invite Education uses encrypted backups and regularly tests the time it takes to restore our systems in case of disaster.

    Clients may obtain a copy of our Disaster Recovery Plan by emailing security@inviteeducation.com.

  3. Application Security

    Invite Education uses a security monitoring service to identify security attacks and respond to issues in real-time. We store an audit trail of Invite Education’s application activity and monitor for exceptions and anomalies. All Invite Education employees are based in the United States and undergo regular security training. We require two-factor authentication for critical systems and monitor all user accounts for suspicious activity.

  4. Secure Development

    Invite Education’s engineers work to follow security best practices and frameworks including OWASP Top 10. Before each deployment, we review code for security vulnerabilities and follow a standardized vendor management policy. We use Static Application System Testing (SAST), Dynamic Application Security Testing (DAST), and multiple open-source dependency systems that check for license compliance in addition to vulnerabilities. Clients may obtain a copy of our FOSSA open-source dependency and license notice report by emailing security@inviteeducation.com.