To be effective at providing its service, SafeAssign needs to know the following information:
- The first and last name of the submission author
- The email address of the submission author
- The documents that were submitted
- The association of the submission with the assignment, course, institution and/or Blackboard Learn instance
This information is transmitted between Blackboard Learn and the SafeAssign service. This information is also stored in the SafeAssign database.
Blackboard takes a multi-faceted approach to securing documents stored in SafeAssign. This includes physical, network, and application level security as well as vulnerability management and third party security testing.
Our Managed Hosting (MH) environment enforces stringent physical access restrictions including 24/7/365 monitoring by on-site security guards.
On the network side, the MH team hardens the SafeAssign hosting environment with redundant switches, routers, IPS, firewalls and load-balancers. For application security, SafeAssign requires the use of TLS (SSL) encryption for all integrating products. Additionally, SafeAssign leverages OAuth to strictly authorize users based on role and the principle of least privilege.
Blackboard MH deploys multiple external and internal commercial and custom vulnerability scanners that provide comprehensive reports on a frequent basis. This enables Blackboard MH to provide asset discovery and security, compliance monitoring, vulnerability detection, as needed patching and auditing capabilities.
In addition to the controls mentioned above, the MH Security Team also employs the expertise of third party auditing and industry certification. This includes, but is not limited to:
- Annual third party process improvement and policy assessments are performed, including internal/external/security assessment and penetration testing.
- Quarterly third party vulnerability scans with validation.
- Blackboard MH data centers are Service Organization Control (SOC, Type 2) compliant. SOC 2 reports focus on internal controls as they relate to security, availability, processing integrity, confidentiality, and privacy of the hosted systems.