EdAssist Systems and Security

EdAssist provides industry-leading systems and security protocols to maintain successful integration with client ERP, HRMS and Learning Management Systems.

1. Integration with Client ERP, HRIS and Learning Management Systems
   There are three primary "touch points" between the EdAssist software platform and the corporate enterprise systems.
   • The Human Resource Information Systems: A feed is established between the Client HRIS and the EdAssist platform for the purposes of maintaining accurate data on employee eligibility and management hierarchy. This feed can be scheduled to support the client requirements, generally ranging from once per payroll cycle to every night.
   • ERP: EdAssist establishes an outbound feed for payroll that notes the approved reimbursement amounts by employee and any tuition assistance amounts that are taxable per the Client policy. This feed may be established in a number of file formats to support Client requirements.
   • Learning Management System: If the employer maintains an industry-standard learning management system, it is our intent to establish a feed between the EdAssist platform and the LMS for purposes of maintaining complete education and training history for employees. We generally push program and course specific information from the EdAssist platform into the LMS.
2. Web Services API Interface
   EdAssist has implemented an API that can connect a company LDAP/AD for authentication integration. EdAssist has implemented a custom authentication module that follows the industry standard password policy management, user ID management, and security restrictions and best practices in handling user access information.
3. Backup and Recovery Plan
   A full database backup is performed every day, on every file and client databases. These files are stored on a RAID disk via a cluster mirror. Backups are retained for 1 rolling week on the server, and the rest are archived. All backup and recovery plans are documented and have been tested using industry-standard practices.
4. Server Redundancy
   EdAssist has a server redundancy configuration that enables high availability for the application and the databases. This redundancy is a RAID mirrored Hard disk configuration. RAID configurations replicate data across multiple disks. With the EdAssist RAID configuration, a failing drive does not bring the application down. EdAssist also has deployed an alert system at the data center for the administrative staff to be notified immediately when one of the drives is failing, enabling technicians to schedule the disk repair. There is a data center SLA guarantee to replace failed hardware within a single hour.
   Using multiple servers and Load Balancing technology, we ensure the availability of the Web and application servers. A load-balanced configuration relies on a dedicated network device to distribute traffic across multiple Web or application servers. If one server becomes unavailable, the load balancer reroutes and balances traffic among the remaining devices, ensuring the availability of your web site or application. In addition to helping you avoid unplanned site downtime, load balancing provides us with a way to avoid the disruption that can accompany planned downtime. Load balancing enables us to take individual servers offline for repairs, upgrades, or other routine maintenance activities—without having to take your entire site or application offline.
5. System Availability:
   The MyEdAssist application is available 24 X 7.
6. System Capacity
   The current CPU and DB utilization is at 27% at peak usage across the existing 20,000 users of MyEdAssist.com. Thru analysis a response time of less than 5 seconds across every feature at highest user loads at peak times over the past 2.5 years has been determined. After several thousand transactions across multiple clients over 3 years, we do not have a single report from any user on performance issues and a page performance over 6 seconds.
7. System Scalability
   The MyEdAssist Database Layer, Business Layer and Presentation Layer have been architected to align with the infrastructure scalability design, via cluster mirrors and replication and load balancing. Application scaling occurs at the database layer through expansion of the mirrored databases.
8. Web site Authentication
   All web authentication data entered by the user is transmitted on SSL on port 143.
   • The username and passwords are stored as encrypted data in SQL server database.
   • Web users have 3 attempts to login after which the account is locked and unlocked after 1 hour
   • Employee ID is typically the user id.
9. Password rules:
   • Passwords must be between 6 and 15 characters
   • Passwords must contain at least one number.
   • Passwords must contain at least one character.
   • Passwords must not be the same as the UserID
   • Passwords must not match with any previous 8 passwords.
10. User Roles and Access Privileges:
    EdAssist supports four primary user roles within the MyEdAssist application; the user, the approver (there is support for multiple approval levels), the corporate administration, and the tuition assistance administrator.
    • The tuition Administrator has access to manager and transaction data and the ability to approve or reject submitted applications
    • The Corporation Administrator has access to employee, manager and transaction data specific to the business unit/organization (s) they support.
    • Approvers have access to approve or reject requests within their reporting hierarchy.
    • Employees have access to create requests, view the status of existing requests, and update personal data.
11. Physical Security Features of the EdAssist Data Centers
    
    • Data center access limited to data center technicians
    • Biometric scanning is done for controlled data center access
    • Security camera monitoring is performed at all data center locations
    • There is 24x7 onsite staff who provide additional protection against unauthorized entry