Security Trust Center

Scholarship America performs background checks on employees.

Scholarship America requires and includes confidentiality agreements in contracts and maintains confidential policies and agreements for its staff.

Scholarship America manages its security practices with up-to-date policies and strict compliance programs.

Scholarship America engages an experienced and certified vCISO, SideChannel, for additional support navigating its Security concern.

Scholarship America performs annual pen testing on applications and the external network where the vulnerabilities found are triaged, planned, and remediated to the plan.

Scholarship America monitors application and infrastructure on a continuous basis that can be cross-correlated and detects DOS/DDOS for unexpected traffic spikes.

Scholarship America uses a CIAM system on its core student platform.

Scholarship America monitors system and networks for performance and high traffic utilization.

Scholarship America scans its Static Code Analysis tool on release for vulnerabilities.

Scholarship America scans vulnerability weekly for both systems and applications.

Scholarship America protects its external-facing web applications with best-in-class firewalls.

Scholarship America engages workstation monitor and cloud-based patching to remediate vulnerabilities when detected.

Scholarship America follows least privileged access when granting access to in-scope systems and requires that a formal request and approval process is followed.

Scholarship America conducts annual developer security awareness training following OWASP and best practices.

Scholarship America provides an annual report to members of its board and senior management.

Scholarship America engages a third party to perform an annual risk assessment where findings are triaged and remediated based on its findings.

Scholarship America conducts annual security awareness training following OWASP and best practices for all employees and contractors.

Scholarship America conducts biannual reviews of system access to make sure all users still require the access that fit their role.

Scholarship America’s Board of Trustees meets at least 3 times a year, maintains formal meeting minutes, and is comprised of independent, highly qualified members.

Scholarship America’s configuration management policy and procedure documents and requires approval for changes to the systems and network.

Scholarship America follows a detailed organizational disaster recovery plan with defined RTO and RPO.

Scholarship America conducts a bi-annual test of the disaster recovery plan.

Scholarship America follows a detailed an organizational incident response plan with defined RTO and RPO.

Scholarship America conducts a bi-annual test of the incident response plan.

Scholarship America conducts regular phishing tests for its staff and contractors.

Scholarship America’s organizational chart describes the organization structure and reporting structure.

Scholarship America requires personnel in a security role to do advanced security training annually.

Scholarship America performs third party risk assessments on all vendors and third-party contractors.

Scholarship America maintains a ticket system for managing incidents, problems, and access requests.

Scholarship America actively monitors newsletters and other media for critical vulnerabilities published by reputable sources.

Scholarship America engages a formalized whistle blower policy with an anonymous communication channel in place for users report potential issues or fraud concerns.

Scholarship America conducts industry standard backups on a regular cadence.

Scholarship America maintains a centralized logging system for security and performance monitoring.

Scholarship America protects all its data environments with best-in-class firewalls.

Scholarship America follows SPAM-CAN rules to prevent fraudulent email from being sent through its mail servers and to reduce phishing attempts.

Scholarship America monitors email for common and advanced threats.

Scholarship America maintains end point detection and response systems for detecting and cleaning malware/viruses that is used to prevent unapproved devices from connecting to the system and monitoring for unusual behavior.

Scholarship America uses intrusion detection and intrusion prevention measures.

Scholarship America follows or exceeds industry standard encryption at rest.

Scholarship America follows or exceeds industry standard encryption in transit.

Scholarship America maintains an inventory of its hard and software assets.

The company has 24 hour x 7 days a week x 365 days a year log monitoring to detect intruders and malicious activity.

Scholarship America manages its laptops and other devices with MDM that allows lost or stolen devices to be wiped.

Scholarship America segments its network to prevent unauthorized access to protected and secure data.

Scholarship America uses a PAM to control, administer, and monitor privilege access to systems.

Scholarship America continuously monitors for data that has been disclosed or scraped.

Scholarship America’s systems can only be remotely accessed by authorized staff via an approved encrypted connection.

Scholarship America uses a single sign-on/multi-factor authentication solution to manage access to internal and third-party systems.

Scholarship America follows the Center for Information Security Benchmarks for hardening systems.

Scholarship America maintains system images with embedded security controls when deploying out systems.

Scholarship America follows NIST framework when wiping systems during the decommissioning process and shreds drives if the drive is unable to be wiped.

Scholarship America secures its WIFI system with the industry standard.