cancel
Showing results for 
Search instead for 
Did you mean: 

Partner Listing: AEFIS

Partner Listing: AEFIS

 

AEFIS Logo - Color - No Tagline.png

 

Links

Website: aefis.com
aefis.com/news 
aefisacademy.org
Documentation: 
https://site.imsglobal.org/certifications/aefis/aefis
https://www.aefis.com/solutions/solutions-overview/
Support: aefisacademy.org
Philadelphia, PA Release Notes:
https://www.aefis.com/technology/technology-overview/
twitter.png  facebook.png  linkedin.png  
  https://www.aefisacademy.org/academy-blog/ Sales Contact: Kallie Rogers, Client Success Coordinator
krogers@aefis.com

 

About

AEFIS, the leading ed-tech company that partners with higher education to improve learner success through empowering authentic assessment for lifelong learning, successfully completed the IMS Global Learning Consortium® certification conformance assessment for the Comprehensive Learner Record (CLR) standard, making AEFIS the first software solution to achieve IMS CLR certification. This certification adds to AEFIS’s portfolio of IMS certifications including Competencies and Academic Standards Exchange®(CASE®), Open Badges, and Learning Tools Interoperability® (LTI), demonstrating AEFIS’s commitment to interoperability.

 

Accessibility

Please see the AEFIS VPAT and AEFIS WCAG.

 

Security

HECVAT status Please see the AEFIS HECVAT 
Data encryption AEFIS ensures any data transmitted through any communication channel is secured during transmission. Data transmission in AEFIS occurs during three distinct processes. Below are the explanations of these processes and methods used for data security:
1. Transfer of a University data feed from the institution to AEFIS: This data feed is required for AEFIS operations. This transmission uses a secure communication channel (SFTP or FTPS) between the University and AEFIS FTP servers.
2. The transfer of data between the AEFIS software application server and the client: Typically, the client accesses the AEFIS software and contained data using a web browser (i.e. Google Chrome, Microsoft Internet Explorer, etc.). Data traffic and transfer between the AEFIS server and client is handled by HTTPS using a 2048-bit RSA with SHA-256, domain-verifying SSL certificate.
3. Transfer of backup data to a remote datacenter to preserve business continuity and disaster recovery: This transfer also uses SSL for data encryption.
Countries of data storage USA
Data storage method Cloud
Data retention policy AEFIS maintains data based on AEFIS Data Retention Policy. Data retention summary is below:
1. Continuous transactional backups are kept for 1 month
2. Daily backups are kept for 1 year
3. Monthly backups are kept for 10 years
Incident management program, policy, and testing AEFIS Assurance "Incident Management and Response Procedure" defines the process and policies around communication with impacted clients. The incident response policy includes processes related to:
1. Preparation: Deploy tools and provide training for incident prevention.
2. Identification: Identify incidents thoroughly; analyzing all the information related to the incident.
3. Containment: Contain the issue immediately and prevent any collateral damage and limit the impact of the incident.
4. Eradication: Get rid of the issue that caused the incident.
5. Recovery: Make sure the issue is resolved and the system is updated in the right way, before returning it to service. Continue to monitor the system for any similar behaviors to ensure that the incident has been fully resolved.
6. Lessons Learned: Put together a report detailing what happened, why it happened, what could have prevented it, and what you’ll be doing to prevent it from happening again. Update relevant policies to ensure the issue will not happen again.
Disaster recovery and business continuity plan and testing AEFIS ensures any data transmitted through any communication channel is secured during transmission. Data transmission in AEFIS occurs during three distinct processes. Below are the explanations of these processes and methods used for data security:
1. Transfer of a University data feed from the institution to AEFIS: This data feed is required for AEFIS operations. This transmission uses a secure communication channel (SFTP or FTPS) between the University and AEFIS FTP servers.
2. The transfer of data between the AEFIS software application server and the client: Typically, the client accesses the AEFIS software and contained data using a web browser (i.e. Google Chrome, Microsoft Internet Explorer, etc.). Data traffic and transfer between the AEFIS server and client is handled by HTTPS using a 2048-bit RSA with SHA-256, domain-verifying SSL certificate.
3. Transfer of backup data to a remote datacenter to preserve business continuity and disaster recovery: This transfer also uses SSL for data encryption.
Security Standard Certificates

AEFIS Assurance Team is currently working on completing a SOC 2 Audit and ISO 27001 certification processes. It is prudent to mention, we had some delays at the outset of the pandemic as we made helping our partners a top priority given COVID-19 disruptions. Since July 2020, we have made our focus to focus on completing these projects expediently.

We are currently mapping the existing AEFIS Assurance controls to SOC 2 controls and ISO27001 controls and working on finalizing our internal audit process for SOC 2. Once the internal audit is completed, we will work with a third party for the SOC 2 Audit. At this time, we plan to start working with the external auditor by the middle of 1st Quarter of 2021. A typical SOC 2 Audit takes one to three months, thus, the expected timeline for the SOC 2 Audit is by the end of 1st Quarter or middle of 2nd Quarter.

Similarly, for our ISO 27001 efforts, we plan to complete our internal audits and engage with a third party certification body by the end of the 1st Quarter in 2021. The expected certification date for ISO 27001 will be the end of the 2nd Quarter in 2021.

Third-party testing and security controls practices  

 

Privacy

Privacy policy link  
COPPA policy link  
Privacy department/officer contact:   
Types of data collected  
Personally identifiable or personal data collected  
Data Deletion Request Process  
Third-Party Data Sharing & Opt-out  
Cookies or Tracking Technologies used  
Analytics performed on Customer Data  
Data correlation practices (across customers or create profiles)
Privacy Certifications or Seals  
Targeted Advertising using user data  
Privacy or data protection impact assessments  
Privacy Law Compliance  



Integration Instructions

Please see the Canvas LMS Setup Guides.

Version history
Last update:
‎01-25-2021 07:42 AM
Updated by: