Compliance & Security

Pocket IEP is committed to maintaining the highest standards of data security and regulatory compliance.

FERPA

Education Records Protection

SOC 2

Trust & Security Controls

GDIT

Federal IT Standards

HIPAA

Health Information Privacy

FERPA Compliance

The Family Educational Rights and Privacy Act protects student education records. Pocket IEP ensures full compliance through:

Authorized Access Only

Row Level Security ensures student data is only accessible by authorized parents and legitimate educational staff

Data Minimization

Only required student information fields are collected, stored, and displayed

Parent Rights

Parents can access, review, export, and request deletion of their child's information

Encryption & Audit Logs

All data encrypted in transit and at rest. Comprehensive access logging maintained

Third-Party Agreements

Written data processing agreements with all vendors handling student data

SOC 2 Compliance

SOC 2 Type II certification ensures our systems meet strict security, availability, processing integrity, confidentiality, and privacy standards:

Security Controls

  • Role-based access control (RBAC)
  • Multi-factor authentication
  • Session management and timeouts
  • Security headers and CSP
  • Vulnerability scanning

Monitoring & Logging

  • Continuous security monitoring
  • Comprehensive audit trails
  • Real-time alerting system
  • IP address tracking
  • User agent logging

Data Protection

  • End-to-end encryption
  • Encrypted backups
  • Data retention policies
  • Secure deletion procedures
  • Privacy-by-design architecture

Operational Excellence

  • Change management process
  • Incident response procedures
  • Regular penetration testing
  • Annual compliance audits
  • Vendor risk management

GDIT Standards

Federal IT and defense contractor security requirements ensure government-grade protection:

NIST 800-53 Alignment

Security controls aligned with federal security framework standards

Network Segmentation

Production environments isolated with controlled access and monitoring

Incident Response

Documented procedures for detection, reporting, and remediation of security incidents

Secure SDLC

Code reviews, dependency scanning, and security testing integrated into development

HIPAA Compliance

When handling Protected Health Information (PHI), Pocket IEP implements comprehensive HIPAA safeguards:

PHI Encryption

All Protected Health Information encrypted at rest and in transit using industry-standard protocols

Access Controls

PHI access limited to authorized users only with audit trail of all access events

Business Associate Agreements

BAAs in place with all third-party vendors processing PHI

Breach Notification

Documented procedures for breach detection, assessment, and notification within required timelines

Session Security

Automatic session timeouts and protections against unauthorized viewing of PHI

Questions About Our Compliance?

Our compliance and security team is available to answer questions and provide additional documentation.