At Lync, we are committed to ensuring that all Personally Identifiable Information (PII) entrusted to us is secure and that the privacy of its customers and staff is protected.
We maintain different security measures to ensure the confidentiality, integrity, and availability of data.
Data is Encrypted Everywhere
From your connection to our website, communication to our API servers, and communication down to your local network, we use HTTPS/SSL for all communication. All our API calls require a temporary unique token that is assigned to your session and automatically deleted after you log off.
Private Cloud-hosted infrastructure is a more secure infrastructure
We only keep enough data to identify your users in our system and only the groups specified by your administrators.
Lync’s infrastructure runs on our private cloud
Privacy of Data
We are concerned about your data privacy: We never sell or lease any data or promote advertising on our platform.
Student data is used only for educational purposes and authentication at the direction of the organization. All data is stored in our private cloud infrastructure, encrypted. Every organization and its user data will be removed permanently if the organization discontinues the use of Lync SSO. Lync maintains data needed for the operation of the system. This data includes what is generally regarded as Directory Information such as name, school building affiliation, grade level, and email address. Lync may also maintain profile pictures, cell phone numbers for students age 13+ (to send password reset verification codes), student ID numbers, login credentials for various online resources, and personal computer files (temporarily cached for file transfers between cloud drives and stored until deleted by user for the Lync cloud drive). Lync does not generally maintain information such as mailing address, gender, date of birth, and other personal demographic data.
We are committed to ensuring that all Personally Identifiable Information (PII) entrusted to us is secure and that the privacy of its customers is protected.
Your data always remains in your control, and never co-mingled with anyone else’s data. Your demographic data and any other protected information reside on our exclusive cloud-based servers and are shared with cloud applications at your discretion.
Vulnerability management is an essential component of Lync’s information security program. Vulnerability assessment consists of simulating attacks on networked assets to identify their potential vulnerabilities. Remediation of these vulnerabilities is key to keeping your information safe and secure.
Lync systems undergo regular security scanning and penetration testing to detect and minimize vulnerabilities and eliminate threats to your confidential data. This is done both in-house and by third-party consultants to most effectively detect any vulnerabilities.
Lync maintains a business continuity plan to prepare for the possibility of extended service outages caused by factors beyond our control, like natural disasters or man-made events, intending to restore services to the widest extent possible in a minimum time frame. All Lync sites are expected to implement preventive measures whenever possible to minimize network failure and to recover as rapidly as possible if and when a failure occurs.
Lync has defined and maintains a clear set of procedures should any unauthorized access to your private data occur. This ensures that the root cause of such an incident is identified and remedied as quickly as possible.
Lync adheres to a change management process and system to apply changes, upgrades, or modifications to customer-facing Lync products and services as well as internally used business management products and services. We also use this process to manage modifications to the Lync internal network, server hardware, and software. A strong change management process enables us to reduce the risk of information corruption, system disruption, and loss of productivity.
Risk Assessment & Management
A risk is an event or condition that, if it occurs, could have a positive or negative effect on Lync activities. Lync uses Risk Assessment tools to identify, monitor, assess, report, and respond to risks associated with our activities.
Risk assessment and management provide a framework for the performance of periodic information security risk assessments to determine areas of vulnerability associated with Lync activities, and to initiate appropriate remediation, if necessary. Our Risk Assessment Process defines how risks associated with Lync activities will be identified, analyzed, and managed, and outlines how risk management activities will be performed, recorded, and monitored throughout the lifecycle of a project.
Unsecured and vulnerable servers are an entry point for malicious threats. Lync’s server installation policies and configuration management procedures are used to secure servers and avoid threats and vulnerabilities.
Lync continually backs up critical data and tests its backups to ensure the accessibility of its information assets to staff and customers. This process prevents the loss of data in the case of accidental deletion or corruption of data, system failure, or disaster. It also ensures the timely restoration of data should accidental deletion or corruption occur.
Unsecured and vulnerable servers are an entry point for malicious threats. Lync relies on consistent server installation and maintenance policies to secure servers and avoid vulnerabilities.
Security Response Planning
Security Response Plans are created by the Lync teams associated with Lync products and services as well as internally used business management products and services. These plans are used by Lync management to assist in awareness and coordinated response in the event of a security vulnerability or incident. Security Response Plans contain contact information for key personnel associated with the program or service, escalation paths, expected service level agreements, severity and impact classifications, and mitigation and remediation timelines.
Information Logging & Log Review
Lync maintains logs from critical systems, applications, and services that can provide key information and indicators of data compromise. The logs are critical for forensic analysis and are reviewed regularly to proactively respond to potential data issues.
Employee candidates and existing employee background checks are an essential part of security. Lync employees are carefully screened and vetted to ensure that your data remains in safe hands. All of our employees sign nondisclosure agreements to prevent the release or misuse of any confidential data.
Security Awareness Training
All Lync employees take part in regular security awareness training to ensure that we maintain a culture of security for ourselves and our customers. Ongoing training campaigns, correlated with security testing, help us to stay ahead of security threats throughout the industry.
We conduct regular security audits using third-party security firms to test and refine our protocols to ensure security and privacy. Our security audits evaluate both our core product platforms and our Application Programming Interface (API).