Skip to main content
Skip table of contents

Overview of Security Model

The primary goals of the application security model of PowerSchool Special Programs are:

  • Allow users access to the information they need to perform their authorized roles.
  • Prevent users from accessing sensitive information or taking actions that are not allowed.
  • Provide an audit trail of user access and activities.

To meet these goals, the security model addresses the following aspects of security:

  • Encryption: Encryption prevents unauthorized persons from eavesdropping on data transmissions and acquiring passwords or sensitive information. PowerSchool Special Programs uses 128-bit SSL encryption and secure hypertext transport protocol (HTTPS).
  • Authentication: PowerSchool Special Programs require users to provide a valid user ID and password to gain access. Administrators can configure the complexity of a password (for example, a minimum of eight characters with at least one upper and lower case character, a numeric character, and a punctuation character). Passwords can either be stored within PowerSchool Special Programs or in the case of a self-hosting school district, within the Active Directory. An account is temporarily deactivated when a user fails multiple login attempts. Inactive sessions are logged out, and users will need to log back in to resume.
  • Authorization: System administrators can create security groups and assign access privileges to manage access to information related to classes, caseloads, schools, districts, etc. If self-hosted, administrators can manage group-level access using the Active Directory.
  • Auditing - Administrators can track user activities to determine who did what and when. Audit trails also contain any configuration changes, old and new edits, workstation IP addresses, etc. Administrators can also set alerts to be notified of suspicious activities.
  • Backup: Data hosted with PowerSchool is backed up several times daily. Data is also backed up to a long-term archiving facility weekly. These measures allow administrators to use built-in tools to restore data securely.
  • Physical Security / Disaster Prevention and Recovery: PowerSchool servers reside in a data center protected by round-the-clock security personnel and surveillance systems. Apart from physical security measures, our servers are also secured by firewall and anti-virus applications and are regularly updated with critical software patches. PowerSchool hosted servers use failover components: power supplies, RAID5 hard drives, etc. The data center has an on-site power generator that activates automatically during a power outage.
  • Application-level attack prevention: An independent security review by Microsoft engineers ensures best practices are followed at each level of the application layer to prevent application-level attacks. Threat modeling, vulnerability assessment, and mitigation methodologies ensure our products are not vulnerable to SQL injection, cross-site scripting, buffer overflow, and other attacks.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.