Skip to main content

SafeAssign Data Transmission and Storage

What data is transmitted between our LMS and the SafeAssign system?

To be effective at providing its service, SafeAssign needs to know the following information:

  • The first and last name of the submission author

  • The email address of the submission author

  • The documents that were submitted

  • The association of the submission with the assignment, course, institution and/or LMS instance

This information is transmitted between the LMS and the SafeAssign service. This information is also stored in the SafeAssign database.

How is the data (both transmitted and stored) protected?

Blackboard takes a multi-faceted approach to securing documents stored in SafeAssign. This includes physical, network, and application level security as well as vulnerability management and third party security testing.

Our environment enforces stringent physical access restrictions including 24/7/365 monitoring by on-site security guards.

On the network side, Blackboard hardens the SafeAssign hosting environment with redundant switches, routers, IPS, firewalls and load-balancers. For application security, SafeAssign requires the use of TLS (SSL) encryption for all integrating products. Additionally, SafeAssign leverages OAuth to strictly authorize users based on role and the principle of least privilege.

Blackboard deploys multiple external and internal commercial and custom vulnerability scanners that provide comprehensive reports on a frequent basis. This enables Blackboard to provide asset discovery and security, compliance monitoring, vulnerability detection, as needed patching and auditing capabilities.

In addition to the controls mentioned above, the Security Team also employs the expertise of third party auditing and industry certification. This includes, but is not limited to:

  • Annual third party process improvement and policy assessments are performed, including internal/external/security assessment and penetration testing.

  • Quarterly third party vulnerability scans with validation.

  • Blackboard data centers are Service Organization Control (SOC, Type 2) compliant. SOC 2 reports focus on internal controls as they relate to security, availability, processing integrity, confidentiality, and privacy of the hosted systems.

Important

Please be aware that all SafeAssign data is stored in the US. Regardless of where your data is stored, our security and data protection standards are the same globally.

Important

As such, we have taken measures to ensure the security and adequate protection of your data when it is transferred to the US.