You have questions . . . We have answers
Below are some of the more common questions that come up when we talk to people. Take a look to see if yours is answered and if not, drop us a line.
You absolutely can! We have close to 2,000 community colleges and hundreds of international colleges currently in our database.
SCOIR’s security model is an end-to-end process focused on keeping our users safe and their data secure. The SCOIR platform leverages the public cloud infrastructure provided by Google (learn more). How our services interact with this secure platform are governed by the following systems, processes and protocols.
User Authentication and Credential Management
SCOIR has controls and practices to confirm the identity of client-users and protect the security of client information. Strict procedures are employed for authenticating that each new client account is initiated and confirmed by a valid and authorized representative of a high school or college institution. Our system requires unique school-validated usernames and passwords that must be entered each time a client-user signs on to SCOIR. A centralized user management system is used to define and control client-users’ access to information and services. Client-users are required to maintain the confidentiality of their usernames and passwords and they are provided with referenceable procedures to follow if they become aware of any unauthorized use of an account.
Secured Service APIs and Authenticated Access
All services are managed through a secured global API gateway infrastructure. This API serving infrastructure is only accessible over encrypted SSL/TLS channels, and every request requires the inclusion of a time-limited authentication token generated via human login through the authentication system described above.
SCOIR services encrypt client data stored at rest, without any action required from the client, using 256-bit Advanced Encryption Standard with each data encryption key itself encrypted with a regularly rotated set of master keys. All data traffic between user browsers and our data centers are automatically encrypted using robust public key technologies (2048-bit RSA or P-256 ECDSA SSL certificates issued by a trusted authority) or Transport Layer Security (TLS) for email and message routing.