Regular updates are published every two weeks. Emergency patches can be released at any time. These types of changes do not incur any downtime – users simply are asked to log on again. Scheduled downtime is rare – once or twice a year.
How long is a typical maintenance window where the system is unavailable?
Application updates do not involve downtime. Maintenance windows vary according to the nature of the operations, but can be from 15 minutes to an hour.
How is the data backed up?
Six copies of the database are continuously maintained in three different AWS availability zones. Logging data for the database is kept for the past 30 days. Snapshots are available before that for up to a year.
Is the data encrypted?
Yes. All data is encrypted both at rest, and in transit, on both sides of the firewall.
Do you use SSL/HTTPS?
Yes. All of our web servers use SSL over HTTPS. Furthermore HTTPS is enforced by our load balancers and special security headers are added which force clients to always connect via HTTPS.
Do you support TLS v1.1 or higher?
Are you PCI compliant?
Our credit card processor is. We do not store any credit card data.
Do you conduct regular penetration testing?
How do you monitor for security vulnerabilities?
We perform dynamic and automatic monitoring for network security threats. We also perform regular static code analysis to identity security issues, such as OWASP Top 10 vulnerabilities, dependency vulnerabilities and other kinds of threats.
Do you require the use of Flash or any other plugin?
Our application does not use Flash or any Java plugin. Adobe Acrobat is required to view certain reports. It does not have to be configured as a plugin
Do you use browser popups?
Only for certain reports.
How are users’ capabilities restricted?
The application has an extensive system of roles. They control database access down to the record and field level. They also control which service endpoints in the application are accessible. Role related permissions are evaluated on the server.
Do you support LTI?
Yes, for Auto-Provisioning users & courses
Which SSO technologies do you support?
How do you expose data for reporting purposes?
Export of data via CSV
Download via SFTP (custom integration)
Access to read-only replica of Aurora (MySql) database
What analytics engines are supported?
Any that can work with MySql data.
How can data be imported into the system?
Automated upload of formatted data via SFTP
Is client access web based?
Which browsers are supported?
Chrome, Firefox, Safari, Edge
Which operating systems are supported?
What 3rd party technologies are incorporated into the solution?
Contact sales for more information.
Can the application be expanded or upgraded?
New features as they become available
What are the typical implementation team size, roles, and responsibilities?
Tevera will assign a Customer Success manager to your institution for the duration of the service agreement time frame. The Customer Success Manager will orchestrate the on-boarding and ongoing training and support for your institution. Tevera operates from a Champion model and will train the identified Champions at your institution. The Customer Success Manager will also work with the institution’s implementation team regarding integration with identified and agreed upon institution systems.
What kind of support is offered?
Tevera provides unlimited help desk chat and ticketing support for each end user. Additionally, Tevera provides LMS and help desk files to end users.
What kind of SLA do you offer?
Please see Schedule D, Service Level Agreement, in the contract.