Securing your school’s information


It is important that your school deploys, configures and maintains OrchestrateIT software in a way that protects your school’s information from unauthorised access or modification. This document outlines the actions we take to help safeguard the information that you store in OrchestrateIT, as well as the responsibilities that your school has for maintaining OrchestrateIT, given that it is an on-premise, locally hosted solution.

 

 

| Control | Description | Your Responsibilities |
| --- | --- | --- |
| Data integrity | OrchestrateIT is a business intelligence and reporting tool that ingests and analyses data from other systems. OrchestrateIT is not a finance system and it is not the source of truth for debtors, students, invoices or payments. To help protect the integrity of your school’s data, we prevent you from modifying any information in OrchestrateIT that is ingested from other source of truth systems. | Keep the information in your existing finance systems and school management systems up-to-date as they remain the source of truth for student, debtor, invoice and payment information. |
| Information sharing | OrchestrateIT is not a cloud-hosted solution and we do not receive, store or process any students’ or debtors’ personal or financial information. OrchestrateIT is a locally hosted (on-premise) application that runs on your school’s servers within your school’s network. This means that you retain complete control over the data and who you share it with. | Only share access to OrchestrateIT and the OrchestrateIT database with authorised persons. Never send any personally identifiable student or debtor information to the OrchestrateIT team. If you are sending any error messages or screenshots, be sure to redact any sensitive information. |
| Encryption in-transit | OrchestrateIT is not a payment gateway, email gateway or SMS gateway and we do not provide any of these services. Instead, OrchestrateIT integrates with your existing payment, email and SMS gateway services. We provide the necessary facilities for communicating with these services using secure, encrypted connections and strongly recommend enabling SSL connections under all circumstances – especially if you are transmitting personally identifiable information via email or SMS. | Ensure that the SSL options are enabled in OrchestrateIT ‘Advanced Settings’ for email and SMS integration. When you include a payment gateway URL in an email or SMS message, always include the secure address (‘HTTPS’ rather than ‘HTTP’). Where possible, run OrchestrateIT as an ‘SSL only’ internal web application by applying an SSL certificate from your internal certificate authority. |
| User activity logging | OrchestrateIT retains a record of most ‘create’, ‘delete’ and ‘update’ activities in an audit log within the application database. For example: when staff assign or unassign a payment plan from an invoice. From within the application, there is no ability for users to modify the audit log. Only System Administrators can view the audit log. | Review the user activity log on a periodic basis if your school deems any of the activities that can be conducted in OrchestrateIT ‘high risk’. As with most information systems, anyone with direct database access can potentially modify the audit logs. Restrict database access to as few ICT Administrators as possible. |
| Authentication approach | OrchestrateIT supports integration with Active Directory. This means that your staff will sign in to OrchestrateIT using the same credentials that they use for signing in to their workstation. When operating in this mode, passwords are validated in real-time as part of the sign-in process and are not stored in the OrchestrateIT database. Alternatively, OrchestrateIT supports local authentication mode, where users can set their own password. In this mode, user passwords are encrypted in the database which means they are not human readable. | If it is supported by your school, enable Active Directory integration for centralised authentication management. When you configure the Active Directory scope in OrchestrateIT, restrict it to the organisational unit (OU) that staff members belong to so that it is not possible for students to ever be granted access to the application. |
| Password complexity requirements | When you enable Active Directory integration, OrchestrateIT enforces the same password complexity requirements that you have configured on your domain. When you are using local authentication, OrchestrateIT enforces the following password complexity requirements: (a) Passwords must not contain the user’s full name, username or email address; (b) Passwords must contain a minimum of 8 characters; (c) Passwords must consist of both numbers and letters; (d) Passwords must contain at least one special symbol or character. | If you are using OrchestrateIT with Active Directory integration, ensure that you have strong password complexity requirements configured in Active Directory. |
| User access control | By default, only the user who deployed OrchestrateIT has access to sign in to the application. That user can add additional staff to the access list and assign them an access profile based on the privileges they require. OrchestrateIT allows you to assign one of the following access profiles to each user: Read Only – Ability to view all data in the system and create internal notes in students’ profiles. Finance Officer – In addition to the privileges of the ‘Read Only’ profile, users with this profile can create/modify custom payment plans, assign invoice categories, assign payment plans, assign payment methods, send messages using templates, manage the status of invoices and import data using pre-defined data import templates. Finance Manager – In addition to the privileges of the ‘Finance Officer’ profile, users with this profile can configure message templates, create/modify payment plan templates and send custom messages. System Administrator – In addition to the privileges of the ‘Finance Manager’ profile, users with this profile can access and modify the application’s ‘Advanced Settings’. | Only create user accounts in OrchestrateIT for staff that require access. Always assign users to the minimum required access profile. If staff members only require temporary access to OrchestrateIT, be sure to remove their account immediately after use. Never assign a generic, service or multi-user account access within OrchestrateIT. If required, implement an approval workflow for any staff that are granted access to OrchestrateIT. |
| Database account management | The OrchestrateIT web application runs server-side and connects to the database using a service account. No other database accounts are required for OrchestrateIT to run, however, you may wish to grant one or more of your ICT Administrators access to the database for administration, operations and maintenance purposes. | Disable any default SQL server accounts that are not required, especially the ‘sa’ account. Create a dedicated SQL server account for the OrchestrateIT application with a complex, randomly generated password with 20+ characters. Never sign in with this account, provide anyone with the credentials or use it for any other purpose. Limit direct database access to only authorised ICT Administrators that require access. |
| Database encryption | N/A – OrchestrateIT has no responsibility for the way you provision, configure and manage your database. | Where possible, you should enable encryption at-rest on your database and all associated back-ups. |
| Database back-ups | N/A – OrchestrateIT has no responsibility for the way you provision, configure and manage your database back-ups. | Schedule regular back-ups of the OrchestrateIT database and server(s) in alignment with the requirements of your school’s backup policy. |
| Error logging and monitoring | OrchestrateIT automatically retains a log of any unexpected errors that users encounter within the application, as well as a log of any validation errors that users encounter when they are processing data imports. If OrchestrateIT encounters an unexpected error, it will notify the user, including guidance on how to report the issue to the OrchestrateIT Team. OrchestrateIT can also be configured to send administrative email notifications when a data import error occurs. | Report any unexpected errors you encounter by logging a support ticket on the OrchestrateIT website. As we do not have access to your data, you may need to assist our team with troubleshooting and investigating issues that you report. Regularly review and investigate the cause of any data import exceptions to ensure that the information that is loaded into OrchestrateIT is up-to-date and accurate. |
| Patching and updates | We periodically release new versions of OrchestrateIT through our secure Download Portal. These releases are packaged with a streamlined patching utility that allows you to perform ‘one click’ upgrades. An email notification will be sent to your registered email address whenever a new version is released. | Deploy new versions of OrchestrateIT in your school as they are made available and validate that the features or quality fixes that formed part of the release have been resolved based on the change description that is provided in the release notification email. Ensure that you are maintaining a current, supported version of Microsoft SQL Server, Windows Server and Internet Information Services (IIS). |
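
The ‘Database account management’ and ‘User activity logging’ responsibilities above translate into a handful of SQL Server statements. The following T-SQL is an added example, not a script supplied by OrchestrateIT. The database name `OrchestrateIT`, the login name `svc_orchestrateit`, the password placeholder and the two database roles granted are assumptions to be replaced with the values for your deployment.

```sql
-- Added example (T-SQL for Microsoft SQL Server); not an OrchestrateIT script.
-- Assumed placeholder names: database [OrchestrateIT], login [svc_orchestrateit].

-- 1. Disable the default 'sa' login once you have confirmed nothing uses it.
ALTER LOGIN [sa] DISABLE;

-- 2. Create a login used only by the application. Substitute a randomly
--    generated password of 20+ characters for the placeholder and keep it
--    only where the application reads its database credentials.
CREATE LOGIN [svc_orchestrateit]
    WITH PASSWORD = N'<random-20+-character-password>',
         CHECK_POLICY = ON;

-- 3. Map the login into the application database only. The roles below are
--    an assumption; grant whatever the vendor's deployment guide specifies.
USE [OrchestrateIT];
CREATE USER [svc_orchestrateit] FOR LOGIN [svc_orchestrateit];
ALTER ROLE [db_datareader] ADD MEMBER [svc_orchestrateit];
ALTER ROLE [db_datawriter] ADD MEMBER [svc_orchestrateit];

-- 4. Review who can reach the server: every enabled SQL login, Windows
--    login and Windows group, flagging members of the sysadmin role.
SELECT sp.name,
       sp.type_desc,
       IS_SRVROLEMEMBER('sysadmin', sp.name) AS is_sysadmin
FROM sys.server_principals AS sp
WHERE sp.type IN ('S', 'U', 'G')
  AND sp.is_disabled = 0
ORDER BY sp.name;

-- 5. Review who can reach the application database, and therefore its
--    audit log, together with the database roles each user holds.
SELECT dp.name      AS db_user,
       dp.type_desc,
       r.name       AS db_role
FROM sys.database_principals AS dp
LEFT JOIN sys.database_role_members AS drm
       ON drm.member_principal_id = dp.principal_id
LEFT JOIN sys.database_principals AS r
       ON r.principal_id = drm.role_principal_id
WHERE dp.type IN ('S', 'U', 'G')
  AND dp.name NOT IN ('dbo', 'guest', 'INFORMATION_SCHEMA', 'sys')
ORDER BY dp.name;
```

Any row returned by steps 4 and 5 that is not the application login or an authorised ICT Administrator is a candidate for removal.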

 

The scope of this document is restricted to the platform and application layers. Your school maintains full responsibility for the infrastructure layer. This content is not comprehensive and is for general information purposes only. It does not take into account your specific needs or circumstances and it is not advice. While we make reasonable attempts to ensure the accuracy and completeness of this content, we make no representation or warranty in relation to it, to the maximum extent permitted by law.