FERPA Compliance

Our FERPA compliance ensures that organizations can deploy solutions aligned with their governance requirements.

FERPA Compliance

Platform Integration
The YuJa Enterprise Video Platform (EVP) can be accessed as a standalone platform, embedded into a Learning Management System (LMS), or integrated into an enterprise’s Single Sign On (SSO) systems.
Standalone Mode	Use Case: Deployments within corporate training, professional development, and department-level integrations within K-12 and higher-ed. YuJa provides: Secure user creation, provisioning and authentication Course and group creation and management Integrated administrative and management tools
Learning Management System Mode	Use Case: Deployments in higher-ed and K-12 enterprises where an LMS is the central course management and workflow system-of-record. YuJa provides: Support and partnerships with major LMS platforms including Blackboard,Canvas, D2L Brightspace, Moodle, Sakai, Jenzabar, Schoology and more Seamless Learning Tool Interoperability (LTI) integration with automatic provisioning of courses, roles and users Self-service installation guides and no-cost integration by a YuJa Solutions Engineer
Non-LMS Single Sign On (SSO) Mode	Use Case: Deployments in corporations, higher-ed, and K-12 where institutions prefer to have users utilize their SSO credentials to login to YuJa directly instead of through their LMS. YuJa provides: A flexible SSO Module Provider enabling institutions to select their preferred SSO method Expertise and support for a broad range of SSOs including CAS, Shibboleth, OpenID, Ping, LDAP, Microsoft Active Directory No-cost customizations within a chosen SSO by a YuJa Solutions Engineer to ensure seamless integration

Platform Security
YuJa’s Enterprise Video Platform (EVP) offers institutions industry-leading security measures to ensure continuous availability and enterprise security.
System Security	Data Security — All sensitive user data is transmitted through an encrypted SSL channel which uses 256 bit encryption. Data Center Security — We use Amazon Web Services (AWS) as our key data center. To learn more about AWS’s physical and environmental procedures, please review this document. At-Rest Data Security — All sensitive user data is either transmitted or stored via encryption or using industry-standard salting and/or hashing. User Security — Access to YuJa systems that utilize data stored in our data centers is restricted to authorized full-time YuJa employees. We do not use external contractors or temp agencies.
Transfer Protocols	The Enterprise Video Platform (EVP) runs entirely on HTTPS. This covers all suites and also includes our user authentication, media streaming, user management, data accesses, and platform administration.
Monitoring & Upgrades	We use external, multi-continent monitoring tools, as well as, internal customdesigned internal monitoring and alert tools across our systems. YuJa’s Solutions and Product Team are responsible for providing testing guidelines that use Vulnerability Mapping to identify potential vulnerabilities and attack vectors with the systems.
Network Availability	YuJa validates that all Enterprise Video Platform (EVP) sub-systems are accessible using our external, multi-continent 24×7 monitoring system. Up Time: YuJa’s Enterprise Video Platform has an up-time of nearly 100%, with a cumulative system total of 99.9%. Server Response Value: Our network and systems are optimized to provide a response value within approximately 200-400ms.
Data Centers	YuJa’s primary data center is hosted by Amazon Web Services (AWS). We currently use the Virginia and Oregon data center locations (availability zones).
Disaster Planning	RTO (“the recovery time”) in a catastrophic production system event where our onsite read replicas are intact is one calendar day with an RPO (“maximum data loss”) of zero across both the cloud storage and relational databases. In the event of a catastrophic production system event where our onsite read replicas are destroyed across all availability zones, the relational databases would have an RTO (“the recovery time”) of one calendar day with a RPO (“maximum data loss”) of at most one calendar week of database updates.

Legal and Compliance
YuJa Inc. believes we comply with all known regulations, policies, and laws in the jurisdictions and sectors that we operate in. Given an ever-changing compliance landscape, we constantly review changes to ensure we continue to remain in compliance with both the spirit and letter of applicable regulations.
Data Disclosure and FERPA	YuJa Inc. does not disclose, release or sell any customer data to external entities. With specific regard to FERPA, we comply with all requirements regarding maintenance and disclosure of student data.
Privacy Policies	YuJa maintains up-to-date compliance documentation of all state-level privacy policies, including California. Detailed questions on specific state privacy policy laws may be directed to our corporate counsel at Goodwin Proctor LLP or your designated Business Lead.
508 / VPAT Assessment	YuJa extensively tests our platforms to ensure that the system is usable by a broad cross-section of users. We provide our Section 508 VPAT review for download and review by all institutions. While there are no known gaps identified during Section 508 review, we constantly evaluate new features and systems for conformance with these specifications.
Liability and Security Insurance Coverage	YuJa Inc. and its employees are insured by General Liability Commercial Insurance, Worker’s Compensation Insurance, and Professional Liability Insurance (Errors & Omissions), including Privacy and Security Liability

Join the Hundreds of Organizations Deploying High-Impact Learning Solutions