General Security Architecture

ampEducator is hosted with Amazon Web Services (AWS) Canada for Canadian Client instances and AWS USA for American Client instances in North America. For clients outside North America additional AWS locations may be available upon request for additional fee. Access to all servers is IP restricted. For more detailed information AWS provides the most up to date overview of security processes publicly on their website:

Authentication FAQ

Does ampEducator support authentication sources?
Yes. ampEducator supports (Free) Google Two-Factor Authentication for all Users.
Does ampEducator support Multiple Logons?
Yes. ampEducator supports Multiple Logons.
Does ampEducator monitor Multiple Logon failures?
Yes. After 3 incorrect attempts at login the user account will automatically disable and require an Admin user to make active.
Does ampEducator have a User Login Inactivity timeout?
Yes. The default is 30 minutes for User Login Inactivity. (This setting can also be adjusted higher or lower).
What type of Password security does ampEducator support or enforce?
The following password security is offered:
  • Minimum length: 8
  • Character mix: Not Required
  • Password aging: No
  • Password history: No
  • Password resets: Yes

Auditing FAQ

Does ampEducator control access to sensitive information by role?
Yes. We offer multiple Roles and built-in protection for fields containing sensitive data ie. SIN / NIN / SSN
Does ampEductor provide an audit trail for access to information?
Yes. We record the date and time of the last updated user.

Backup, Restore and Disaster Recovery FAQ

Does ampEducagtor provide backup frequency and verification/testing of backups?
Yes. Databases are backed up daily and weekly. Backups are encrypted and stored on secondary servers for redundancy. Documents are also backed up on a weekly basis and similarly encrypted and stored on secondary servers.
Can the system be recovered to a specific point-in-time for example or individual records, tables or files managed by the system be restored?
Yes. Granularity is daily. We can restore the entire database, a single table or even a single row.
How are records archived based upon age or activity to a secondary tier database, information repository or storage?
Records can be archived as read-only and remain in the primary database. Otherwise clients have the ability to export records to an information repository or storage based on any criteria they decide on.
What recommendations do you have (or actual facilities/procedures, in the case of software as a service) for disaster recovery in case of whole data center failure (e.g. flood, long term power outage, Internet connection failure)?
Because ampEducator is deployed on AWS, in case of failure, automated processes move customer data traffic away from the affected area. Core applications are deployed in an N+1 configuration, so that in the event of a data center failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites. AWS provides ampEducator with the flexibility to place instances and store data within multiple geographic regions as well as across multiple availability zones within each region. Each availability zone is designed as an independent failure zone. This means that availability zones are physically separated within a typical metropolitan region and are located in lower risk flood plains (specific flood zone categorization varies by Region). In addition to discrete uninterruptible power supply (UPS) and onsite backup generation facilities, they are each fed via different grids from independent utilities to further reduce single points of failure. Availability zones are all redundantly connected to multiple tier-1 transit providers.

Access to Data, Backup & Recovery Services

Clients do not have direct access to data on servers except via Login and Software User Interface and/or API Key. The database servers are imaged daily for backup purposes. Once a week the databases are also archived, encrypted and stored using AWS Glacier for redundancy except in cases of GDPR compliance. Clients have access to request a download copy of the complete database instance at any time via the software interface and may invoke a request for Data Recovery Services at any time via email for a fee.

Uptime, Monitoring & Reporting Services

ampEducator is monitored 24 hours a day 7 days a week since by an independent third party ( with publicly available statistics available via the Application Status link on our main website footer. Clients can view by Year and Month total outages, uptime and downtime. ampEducator average uptime since reporting was in implemented in 2010 is 99.9%.

AWS Hosting, Managed Services & Scalability

ampEducator is deployed on Amazon Web Services (AWS). AWS Data centers are conditioned to maintain atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at appropriate levels.

Firewall configuration and a multilevel network security framework Network devices, including firewall and other boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists (ACL), and configurations to enforce the flow of information to specific information system services.

ACLs, or traffic flow policies, are established on each managed interface, which manage and enforce the flow of traffic. ACL policies are approved by Amazon Information Security. These policies are automatically pushed using AWS’s ACL Manage tool, to help ensure these managed interfaces enforce the most up-to-date ACLs.

AWS has implemented network devices that are dedicated to managing interfacing communications with Internet service providers (ISPs). AWS employs a redundant connection to more than one communication service at each Internet-facing edge of the AWS network. These connections each have dedicated network devices. AWS’s data centers are state of the art, utilizing innovative architectural and engineering approaches.

Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

AWS only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical access to data centers by AWS employees is logged and audited routinely.

The ampEducator application runs in instances on virtual servers with a load balancer that determines (based on load) which server each user is assigned to. All clients share hardware simultaneously. AWS has Auto Scaling which allows us to automatically scale capacity up or down according to conditions we define, so that the number of instances we are using scales up seamlessly during demand spikes to maintain performance.

The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide back-up power for the entire facility.

ampEducator Standard Support Level Agreement (SLA)

SLA requests are defined by 4 levels and are accepted from Clients 24 hours 7 days a week via Email Support Tickets. Business Hours are 8 AM to 8 PM EST Monday to Friday excluding US and Canadian holidays.

Urgent Level Service is "down" and there is a critical impact to your business operations. ampEducator will commit all necessary resources around the clock to resolve the situation.

  • Time Frame: To be resolved immediately.
  • Escalation: To be escalated if not solved within 4 hours.

High Level User experience and product performance is degraded and significant aspects of your business operation are negatively affected by inadequate performance of ampEducator. ampEducator will commit full-time resources to resolve the situation.

  • Time Frame: To be resolved on the same day.
  • Escalation: To be escalated if not solved within 12 hours.

Medium Level Minor issues with specific product functionality or performance but key product features remain functional. ampEducator will commit resources during normal business hours to restore service to satisfactory levels.

  • Time Frame: 1-2 business days.
  • Escalation: To be escalated if not solved within 1 day.

Low Level Information or assistance is required with the ampEducator product including capabilities, installation, or basic configuration. There is little or no effect on your business operations.

  • Time Frame: Preferably email resolution; 3 business days.
  • Escalation: To be escalated if not solved within 2 days