Security & Compliance

Data Security & Protection

Enterprise-grade security infrastructure protecting millions of educational records. Your data security is our highest priority.

Last updated: January 15, 2026
6 sections

Security Infrastructure

Multi-layered security architecture designed for educational institutions

Encryption

  • AES-256 encryption at rest
  • TLS 1.3 in transit
  • End-to-end encryption for sensitive data
  • Key rotation every 90 days

Infrastructure

  • ISO 27001 certified data centers
  • Geographic redundancy
  • India data localization
  • 99.99% uptime SLA

Access Control

  • Role-based access (RBAC)
  • Multi-factor authentication
  • Single sign-on (SSO)
  • Session management

Monitoring

  • 24/7 security monitoring
  • Real-time threat detection
  • Automated alerts
  • Incident response team

Certifications & Compliance

Meeting the highest standards of data protection and security

ISO 27001

Information Security Management

SOC 2 Type II

Security & Availability

GDPR

European Data Protection

DPDP Act

India Data Protection

Data Classification

All data is classified into Public, Internal, Confidential, and Restricted categories. Each category has specific handling, storage, and access requirements. Student records and financial data are classified as Restricted with the highest protection levels.

Access Management

Access follows the principle of least privilege. All access requests require manager approval and are reviewed quarterly. Privileged access requires additional authorization and is logged for audit purposes.

Incident Response

Our incident response team operates 24/7 with defined escalation procedures. Security incidents are classified by severity with response times from 15 minutes (critical) to 24 hours (low). All incidents are documented and reviewed for preventive improvements.

Vendor Security

Third-party vendors undergo security assessments before engagement. Vendors handling sensitive data must meet our security standards and are subject to annual reviews. Data processing agreements are required for all data-handling vendors.

Employee Security

All employees complete security training during onboarding and annually thereafter. Background checks are conducted for roles with data access. Security awareness programs run continuously with simulated phishing exercises.

Physical Security

Data centers feature biometric access, 24/7 surveillance, and security personnel. Visitor access is logged and escorted. Hardware disposal follows secure destruction procedures with certification.

Report a Security Concern

If you discover a vulnerability, please report it responsibly to security@edease.in

Report Issue