Security at CampusESP

CampusESP maintains a robust set of security policies and procedures, modeled after the NIST 800-53 security framework, moderate level. These include access controls, uptime monitoring, risk assessments, third-party penetration studies, and system maintenance.

CampusESP offers a HECVAT 3.05 for review, and is proud to have completed a SOC 2 Type 2 audit.

CampusESP also has certifications to meet other popular regulations, including FedRAMP and TX-RAMP.

To date, we have never had a security or privacy breach.

CampusESP uses Amazon Web Services (AWS) to store data; we do not maintain any of its own servers on-premise. Customer data is secured by AWS’ industry-leading security measures, quick scaling, and high availability rates. Data is stored in the AWS US-East region and is replicated to a second data center for disaster protection. Data is stored in a multi-tenant environment protected by logical access controls.

PCI DSS Acknowledgment

Although CampusESP does not store, process, or transmit cardholder data directly, we recognize that our platform can impact the security of cardholder data by redirecting end users to each client’s designated payment processor. Accordingly, CampusESP:

1. Maintains administrative, technical, and physical safeguards aligned with the Payment Card Industry Data Security Standard (PCI DSS) for any aspect of our services that could affect the security of cardholder data.

2. Provides reasonable evidence of our applicable PCI compliance (e.g., Self-Assessment Questionnaire, Attestation of Compliance) upon request.

3. Will promptly notify the client of any unauthorized access, suspicious activity, or data security incident that might compromise the payment process under our control.

4. Acknowledges that the client remains the merchant of record and is independently responsible for its own PCI DSS obligations with third-party payment processors.

Accessibility Statement

At CampusESP, we are committed to ensuring digital accessibility for users with disabilities. We strive to provide an inclusive and user-friendly experience for everyone.

Our platform is built and maintained by team members trained in accessibility best practices, ensuring that accessibility is a priority throughout the development process. To uphold the highest accessibility standards, we conduct an annual third-party audit of our platform. This audit provides us with a third-party VPAT (Voluntary Product Accessibility Template) that confirms our full conformance with WCAG 2.2 at A and AA levels. This process ensures we meet current accessibility requirements and continuously improve our platform.