We recognize that the information contained on the IonTuition website (“the Site”) is ultimately owned by you as the user of the Site. As such, the Site is obligated to use the technological means necessary to protect your information from unauthorized access or usage. Below are some of the technologies and best practices that are in place for the Site to protect both your identity and your information:
- Personally Identifiable Information (PII) and Confidential Information are encrypted in storage, in transit, and at rest utilizing the Federal Information Processing Standards (FIPS) compliant Advanced Encryption Standard (AES) encryption standard.
- Login credentials including IDs, passwords, and any other data used in the identification, authentication, or verification processes are encrypted utilizing the Federal Information Processing Standards (FIPS) compliant Advanced Encryption Standard (AES) encryption standard.
- The network and systems supporting the Site is monitored by a 24x7x365 Network Operation Center (NOC) and personnel monitor systems and alerting mechanisms to ensure that unauthorized access to Site systems or your information does not occur.
- Annual security assessments against the information security standards listed below are performed for the Site. These annual security assessments are performed by independent and certified information security assessment companies to ensure objective and complete compliance.
- Routine vulnerability assessments and penetration tests on the systems supporting the Site are conducted to ensure that no vulnerabilities exist which might allow a person to obtain unauthorized access to your information.
In addition to technological protection, we recognize that human behavior is as important to the protection of your information as technological protection. As such, the following processes have been implemented for the Site to ensure the protection of your information:
- Annual job-specific training of employees supporting the Site is conducted with regard to the identification and prevention of information security breaches.
- Annual training of employees supporting the Site is conducted with regards to the identification and prevention of identity theft and fraud.
- We ensure that secure connections are initiated between your computer and the Site.
- IonTuition uses multi-factor identity verification before granting access to the Site and the information contained within.
We take great care to ensure that we’re doing everything possible to protect your personal and confidential information. Despite our exhaustive efforts, there is still a personal burden, which falls on you to ensure that your identity and personal information remain secure. Below are a few tips to follow to ensure that your information is not compromised.
- Make sure that you keep your software and operating system versions current.
- Ensure that you install all security updates as recommended by your software, operating system, and hardware manufacturers.
- Install and maintain current anti-virus, malware, and personal firewall software on your personal computer.
- Be aware of potential threats such as keystroke loggers, phishing, and social engineering.
- Refrain from having your computer remember user IDs and passwords to enable automatic login.
- Change your password every 30 to 60 days and use strong passwords consisting of a minimum of 8 characters and including at least 1 upper case letter, 1 lower case letter, 1 number, and 1 special character.
- Use passwords that are not comprised of words that would be easily guessed by someone who knows you or that could be easily found out by someone who doesn’t know you.
- Use passwords that are not found in the dictionary.
- Do not share your Login ID or password with anyone including employees.
- Always log off the Site when you have finished your activities.
- Avoid using any computer that you are not positive you can trust with the safety and security of your personal and confidential information.
- Never provide any personal information, user IDs, passwords, PIN numbers, account numbers, etc. via email or to an unsecured website. If any such information is requested via email, you should place a telephone call to the originator so you can verify their identity and need for the information before providing it. If requested to enter such information into a website, you should verify that it is a site you can trust and make sure the site is secure by looking for the SSL padlock in the address bar of your browser.
- Do not open emails from unknown senders and use caution when opening unexpected or suspicious attachments from a known sender.
- Check your credit report and account statements regularly for unauthorized or suspicious activity.
- Pay attention to email or text alerts from any website to which you subscribe to such alerting as they will often provide early warnings of identity theft or fraudulent activity.
Bank Level Security
IonTuition protects your information with the same or better security controls used by financial and government institutions. These controls include, but are not limited to, the Federal Information Processing Standards (FIPS) compliant Advanced Encryption Standard (AES) encryption standard as well as actively monitored logical and physical security controls that meet or exceed industry standards. Our security certificates are independently monitored and verified by DigiCert® the very same certification authority trusted by intel®, Microsoft®, Facebook®, the U.S. Department of Homeland Security, and 40,000 other customers.
IonTuition notifies you any time a significant change is made to the information you have stored on our site. These notifications include account registrations, password changes, profile updates, and status changes that prevent unauthorized access to, or modification of, your information.
IonTuition, its supporting systems, and the data center supporting the Site are monitored by a 24x7x365 Network Operation Center (NOC), and personnel monitor systems and alerting mechanisms to ensure that unauthorized access to Site systems or your information does not occur. We safeguard your information to identify unusual or suspicious activity and preempt breaches.
Security Assessments and Compliance
We actively monitor compliance with, and conduct annual security assessments against, all applicable information security standards including the:
- National Institute of Standards and Technology SP 800-171 (NIST)
- Family Educational Rights and Privacy Act (FERPA)
- Gramm-Leach-Bliley Act (GLBA)
- Payment Card Industry Data Security Standards (PCI-DSS)