What software do we need to install on our servers?
None. Alumni Spaces is provided as an external service which means all of our products run on our own infrastructure so there is no need to install or maintain anything on your own systems. We use APIs to facilitate any exchange of data with existing systems and all upgrades and maintenance happens on our servers. Think of all the time you’ll save! Use a few moments of that time to read some of our favorite geek humor: We’ve Lost Server 54, The case of the 500 mile email, Center of the Find My iPhone Universe.
Is data from the network backed up?
Yes, very regularly. The core Alumni Spaces platform is fully backed up every 24 hours, including the source code, user-created content and uploaded assets. The Alumni.Fund platform uses 2 redundant MongoDB clusters which are replicated close to real-time and produce hourly archival backups, ensuring data integrity and secure recovery options. Eventually, we’re hoping our investors will let us buy one of these as an extra-ultra-mega-secure backup storage facility.
How secure is the network from hackers?
Most technology professionals will tell you that no system is unhackable, but we have gone to great lengths to ensure client data security and have multiple layers of application security in place to prevent and respond to unauthorized system access. We have systems in place limiting disk-write capabilities to whitelisted sources, regularly scanning all database content and source code for malicious scripts and restricting admin access to individuals with two factor authentication. Our hosting provider regularly performs internal and external vulnerability scanning, external penetration tests and 3rd party auditing of security measures to ensure SAS 70 Type II examination.
Is your payments platform secure?
Alumni.Fund maintains all PCI SAQ-D certification requirements, including monthly external vulnerability scans, forced HTTPS connections and blackboxed middleman API services to obscure access points. We use Braintree for all credit card transactions and all other systems are hosted with PCI-compliant facilities and systems.
Is your payments platform PCI compliant?
Yes, we are compliant with all SAQ-D requirements and are happy to provide AoC documentation if necessary. We perform monthly external compliance scans to ensure continued compliance and only use external payment processors who meet the highest PCI standards. Our entire team is also required to wear tinfoil hats while near computers to prevent remote access.
Our institution is 177 years old but Alumni Spaces is only 3. If anything ever happens, where does our data go and how do we ensure it is portable?
Our goal is to be an evolving resource and that means planning for the future and making data as flexible as possible so you never need a DIY punch card reader. All content can be exported to an XML file or accessed via an Amazon CloudSearch instance in JSON, CSV and XML formats; static assets can be downloaded on request and any Alumni.Fund records are available as JSON objects. In the very unlikely event that our service is discontinued due to acquisition or dynamic market conditions, we maintain an external copy of all source code and provide perpetual, non-transferable, non-commercial license to existing clients to operate the platform.