Hosting, Security, and Data Management Protocol Document
Futured Technology FZE
Hunzullah Khaliqnoor
Hunzullah@futuredtechnology.com
HP EdTech Incubator Website Security Protocol
1. Introduction
This document outlines the security protocols implemented for the HP EdTech Incubator website. FuturEd’s goal is to ensure the confidentiality, integrity, and availability of data collected through www.hpedtechincubator.com, as well as to protect user privacy.
2. Website Domain and Registration
www.hpedtechincubator.com is hosted and registered through Squarespace.
Squarespace is a leading website building and hosting platform that provides a comprehensive suite of services for creating and maintaining websites. Founded in 2004, Squarespace offers a user-friendly interface, customizable templates, and a variety of tools for e-commerce, blogging, and analytics, making it a popular choice for individuals and businesses looking to establish a professional online presence. Additionally, Squarespace provides domain registration services, allowing users to manage both their website and domain from a single platform.
Squarespace, and its affiliated products, store our data in Tier III data centers across the United States. Squarespace serves images and other static assets via multiple geographically distributed content delivery networks (CDNs). This system ensures that the data in each page view is served from the data center closest to the visitor’s location.
Squarespace's legal jurisdiction is in the State of New York, United States. Any disputes or legal issues will be governed by and construed in accordance with the laws of the State of New York. Additionally, any legal actions or proceedings arising from or related to the use of Squarespace’s services must be brought in the federal or state courts located in New York, NY. More information can be found here.
3. Website Security Measures
The HP EdTech Incubator website is built and hosted on Squarespace, which provides several built-in security features to protect both the site and its users.
A. SSL Encryption
SSL Certificates: www.hpedtechincubator.com uses SSL (Secure Sockets Layer) certificates to encrypt all data transmitted between users' browsers and our web servers. This ensures that any information shared by users is secure and protected from interception by third parties.
B. Data Transmission Security
Encryption in Transit: All data transmitted to and from the website is encrypted using TLS (Transport Layer Security). This includes data entered in forms, user interactions, and any other data exchanges.
C. Website Integrity
Automatic Updates: Squarespace automatically applies security patches and updates to the platform to protect against known vulnerabilities. This ensures that www.hpedtechincubator.com is always running on the latest and most secure version of the platform.
Content Security Policy (CSP): Squarespace employs a Content Security Policy to mitigate the risk of cross-site scripting (XSS) attacks and other code injection attacks.
D. Access Control
User Authentication: Access to the website's administrative interface is restricted to authorized personnel only. Strong passwords and multi-factor authentication (MFA) are used to secure administrator accounts.
Role-Based Access Control: Different levels of access are assigned to users based on their roles, ensuring that only authorized individuals can perform sensitive operations.
E. DDoS Protection
Distributed Denial of Service (DDoS) Protection: Squarespace provides built-in DDoS protection to prevent attacks that could disrupt the availability of www.hpedtechincubator.com. This ensures continuous access to FuturEd’s services.
4. Microsoft Teams Usage
Microsoft Teams: This platform will be used for conducting online workshops.
Microsoft Forms: This tool will be employed for data collection purposes.
To ensure the security and proper management of FuturEd’s Microsoft Teams usage, the following protocols will be implemented:
Microsoft Teams Registration Ownership: We use Microsoft Teams under FuturEd’s company name, “Futured Technology FZE”, registered through Microsoft Office 365 Business Standard.
Microsoft Teams Server Information: FuturEd’s Microsoft Teams data is hosted on servers situated in the US and will be transferred to UAE-based servers before the end of 2024. This arrangement ensures adherence to local data sovereignty and privacy regulations, which mandate that data be retained within the nation's borders.
Legal Jurisdiction: As a UAE-based entity, FuturEd’s Microsoft registration is primarily subject to the laws and regulations of the UAE in terms of legal jurisdiction. This implies that any legal matters, regulations, or compliance requirements pertaining to FuturEd’s Microsoft Teams data are governed by the laws of the UAE.
5. Microsoft Teams Security Protocol
Microsoft Teams is used for communication and collaboration within HP EdTech Incubator. The following security measures are in place to protect data handled through Microsoft Teams:
A. Data Security
Encryption: Data in Microsoft Teams is encrypted in transit and at rest, using industry-standard encryption protocols. This ensures that all communications and files shared within Teams are secure.
Secure Access: Access to Microsoft Teams is protected through strong authentication methods, including multi-factor authentication (MFA). This prevents unauthorized access to sensitive information.
B. Compliance
Regulatory Compliance: Microsoft Teams complies with various regulatory standards such as GDPR, HIPAA, and FERPA. This ensures that the data handled through Teams meets the necessary legal and regulatory requirements.
Data Residency: Microsoft offers data residency options, allowing data to be stored within specific geographic locations to meet regional compliance requirements.
C. Privacy and Control
User Privacy: Microsoft Teams ensures user privacy by providing granular control over who can access and share information. Users can set permissions for channels, files, and messages to control visibility and access.
Data Management: Microsoft Teams provides tools for data management, including data retention policies, eDiscovery, and legal hold. This helps in managing the data lifecycle and ensuring compliance with data retention requirements.
6. Data Collection and Handling
Data collection through the HP EdTech Incubator website will primarily be conducted using Microsoft Forms, integrated into the Squarespace platform.
A. Data Encryption
Encryption at Rest: Data collected through Microsoft Forms is encrypted while stored on Microsoft servers. This protects the data from unauthorized access.
Encryption in Transit: Data is encrypted during transmission from the user's browser to Microsoft Forms and from Microsoft Forms to our storage systems.
B. Data Access and Control
Access Restrictions: Access to collected data is restricted to authorized personnel only. Strong access controls and audit logs are maintained to track access and modifications to the data.
Data Retention: Data is retained only for as long as necessary to fulfill the purpose for which it was collected. Data retention policies are regularly reviewed and updated as needed.
7. Privacy Policy
A. User Consent
Informed Consent: Users are informed about the types of data being collected, the purposes of data collection, and how their data will be used. Explicit consent is obtained before collecting any personal information.
B. Data Usage
Purpose Limitation: Data is used only for the purposes specified at the time of collection. Any other use of the data requires additional user consent.
Data Minimization: Only the minimum amount of data necessary for the specified purpose is collected and processed.
7. Data Deletion and Permanency
A. Data Deletion Requests
User Requests: Users have the right to request the deletion of their data at any time. Requests can be made through our support team, and we are committed to responding promptly.
Deletion Process: Upon receiving a data deletion request, data will be securely and permanently deleted from our systems and any backups within 30 days.
Data Storage: Applicant data will be stored for a period of two years and then permanently deleted.
B. Data Anonymization
Anonymization: In cases where complete deletion is not feasible, data will be anonymized to remove personally identifiable information, ensuring that the data cannot be linked back to the individual.
8. Incident Response and Monitoring
A. Security Monitoring
Continuous Monitoring: The website is continuously monitored for suspicious activities and potential security breaches. Any anomalies are investigated promptly.
Security Audits: Regular security audits are conducted to identify and mitigate potential vulnerabilities.
B. Incident Response Plan
Incident Containment: In the event of a security incident, immediate steps are taken to contain the issue and prevent further damage.
Communication: Affected users and stakeholders are notified promptly in case of a data breach or security incident.
Post-Incident Review: After an incident, a thorough review is conducted to understand the cause and implement measures to prevent future occurrences.
9. User Responsibilities
A. Security Awareness
Strong Passwords: Users are encouraged to use strong, unique passwords for their accounts and change them regularly.
Phishing Awareness: Users should be vigilant about phishing attempts and avoid clicking on suspicious links or providing personal information to unverified sources.
Software Updates: Users should keep their operating systems and software up to date to protect against security vulnerabilities.
Conclusion
This document provides an overview of the security protocols in place for the HP EdTech Incubator website and the use of Microsoft Teams. These measures ensure that user data is collected, stored, and managed securely, maintaining the highest standards of privacy and data protection. By implementing strong security practices and continuously monitoring for potential threats, we aim to provide a safe and trustworthy environment for our users.