FERPA Compliance

Use Case: Deployments within corporate training, professional development, and department-level integrations within K-12 and higher-ed. YuJa provides:

• Secure user creation, provisioning and authentication
• Course and group creation and management
• Integrated administrative and management tools

Use Case: Deployments in higher-ed and K-12 enterprises where an LMS is the central course management and workflow system-of-record. YuJa provides:

• Support and partnerships with major LMS platforms including Blackboard,Canvas, D2L Brightspace, Moodle, Sakai, Jenzabar, Schoology and more
• Seamless Learning Tool Interoperability (LTI) integration with automatic provisioning of courses, roles and users
• Self-service installation guides and no-cost integration by a YuJa Solutions Engineer

Use Case: Deployments in corporations, higher-ed, and K-12 where institutions prefer to have users utilize their SSO credentials to login to YuJa directly instead of through their LMS. YuJa provides:

• A flexible SSO Module Provider enabling institutions to select their preferred SSO method
• Expertise and support for a broad range of SSOs including CAS, Shibboleth, OpenID, Ping, LDAP, Microsoft Active Directory
• No-cost customizations within a chosen SSO by a YuJa Solutions Engineer to ensure seamless integration

Data Security — All sensitive user data is transmitted through an encrypted SSL channel which uses 256 bit encryption.

Data Center Security — We use Amazon Web Services (AWS) as our key data center. To learn more about AWS’s physical and environmental procedures, please review this document.

At-Rest Data Security — All sensitive user data is either transmitted or stored via encryption or using industry-standard salting and/or hashing.

User Security — Access to YuJa systems that utilize data stored in our data centers is restricted to authorized full-time YuJa employees. We do not use external contractors or temp agencies.

The Enterprise Video Platform (EVP) runs entirely on HTTPS. This covers all suites and also includes our user authentication, media streaming, user management, data accesses, and platform administration.

We use external, multi-continent monitoring tools, as well as, internal customdesigned internal monitoring and alert tools across our systems.

YuJa’s Solutions and Product Team are responsible for providing testing guidelines that use Vulnerability Mapping to identify potential vulnerabilities and attack vectors with the systems.

YuJa validates that all Enterprise Video Platform (EVP) sub-systems are accessible using our external, multi-continent 24×7 monitoring system.

Up Time: YuJa’s Enterprise Video Platform has an up-time of nearly 100%, with a cumulative system total of 99.9%.

Server Response Value: Our network and systems are optimized to provide a response value within approximately 200-400ms.

YuJa’s primary data center is hosted by Amazon Web Services (AWS). We currently use the Virginia and Oregon data center locations (availability zones).

RTO (“the recovery time”) in a catastrophic production system event where our onsite read replicas are intact is one calendar day with an RPO (“maximum data loss”) of zero across both the cloud storage and relational databases. In the event of a catastrophic production system event where our onsite read replicas are destroyed across all availability zones, the relational databases would have an RTO (“the recovery time”) of one calendar day with a RPO (“maximum data loss”) of at most one calendar week of database updates.

YuJa Inc. does not disclose, release or sell any customer data to external entities. With specific regard to FERPA, we comply with all requirements regarding maintenance and disclosure of student data.

YuJa maintains up-to-date compliance documentation of all state-level privacy policies, including California. Detailed questions on specific state privacy policy laws may be directed to our corporate counsel at Goodwin Proctor LLP or your designated Business Lead.

YuJa extensively tests our platforms to ensure that the system is usable by a broad cross-section of users. We provide our Section 508 VPAT review for download and review by all institutions. While there are no known gaps identified during Section 508 review, we constantly evaluate new features and systems for conformance with these specifications.

YuJa Inc. and its employees are insured by General Liability Commercial Insurance, Worker’s Compensation Insurance, and Professional Liability Insurance (Errors & Omissions), including Privacy and Security Liability