Graduation Management Services

Designed to meet international regulatory obligations


We designed Tassel Turner to be a trustworthy platform with data governance and compliance made easy through convenient administrative controls.

Legal basis for data collection

The legal basis for the platform's collection and use of data depends on the data concerned and the context in which it was collected. All platform data management is explicitly controlled by system administrators and constitutes a functional requirement to use the Tassel Turner features in question, for example sending emails, personalizing tickets, or conducting surveys.

Shared Responsibility

Tassel Turner follows a shared responsibility model common to software as a service platforms. While the infrastructure and workload responsibilities are sustained by us, users are necessarily responsible for other areas of the platform, specifically in regard to the ownership of data, user consent, and freedom of information laws.

Tassel Turner ResponsibilitiesShared ResponsibilitiesClient Institution Responsibilities
Infrastructure, network, and software security

Platform availability and reliability

Data storage, encryption, and backups

Platform software releases and patch deployments
Business processes such as incident management or validation testing

Configuring DNS records for platform domains and mail servers

Servicing data rights requests
All data created, imported, generated, uploaded, and exchanged while using the platform

Application access controls and security settings

User authentication and identity management

Software integrations with third party services

Data retention and destruction policies

Mechanisms and Controls

Tassel Turner provides all the tools you need to uphold your institution’s compliance responsibilities with safe secure defaults and flexible customization options.

  • Platform data is encrypted data in transit, at work, and while at rest using strong encryption and key management.
  • All communication channels have multiple opt-out mechanisms and automatic block lists
  • Administrators follow a strong permission-based access control
  • Multi-factor and passwordless user authentication
  • The entire lifecycle of data from collection to destruction is supported through platform controls
  • All platform services and applications comply with accessibility requirements and regulations
  • Immutable audit logs are created to track user and system activity
  • We perform automated security scans and static code analysis a part of the Tassel Turner development and release cycle
  • We proactively monitor our systems data breaches and maintain an incident response plan
  • Configurable alert notifications for security events

User rights

Tassel Turner supports the data rights of all users out of the box through a variety of data management features. Students, staff, guests, partners, and all other identifiable users of the platform have the following rights:

  • Right to access: users can access and request the data collected on them and how it’s used
  • Right to correction: users can request or perform corrections on their personal data
  • Right to restrict processing: users can restrict which personal data they provide and opt out of processing
  • Right to erasure: users can request to purge all their data from the system
  • Right to data portability: user can download their data in a common machine-readable format
  • Right to object: users have the means to object to the use of their information
  • Right to complain: users have the means to complain to a supervisory authority if available

Note that the exact implementation of data rights features will depend on how you or the system administrator configures Tassel Turner.

Hosting Environment

Tassel Turner is fully hosted on Amazon Web Services (AWS). AWS has a proven track record providing secure services to enterprise customers and governments, and complies with an extensive catalog of standards.

Unlike many platforms, Tassel Turner uses no additional hosting or third party web services outside the AWS environment, minimizing the risks of data exposure and consolidating privacy controls around the smallest surface possible.

Platform deployments on Tassel Turner are completely independent from each other and utilize no shared resources such as databases or cloud storage. The platform architecture ensures sure your data is strictly segregated both logically and physically.

Reference compliance

We apply comprehensive safeguards to all Tassel Turner organizational and technical operations, and have designed our services to facilitate governance across various laws and frameworks that apply to the regulatory landscape of higher education.

Privacy Laws and Regulations:

In general terms of data privacy Tassel Turner can be considered a data processor or data custodian.

Although there are many regional privacy standards they are broadly aligned in their scope and mandate. Regardless of the location of a university or end user, we apply the strictest prevailing responsibilities and aim to fulfill the requirements of the following regulations.

Security Standards and Frameworks:

Tassel Turner is designed and operated in compliance with the most broadly recognized security frameworks pertinent to software as a service (SaaS) providers. We use a harmonized framework covering the following standards:

Information Management Frameworks:

Tassel Turner can potentially undertake a wide range of responsibilities depending on how you adopt the platform and which institutional frameworks you already have in place.

The specifics of information management systems will differ in their implementation, as well as overlap with common privacy and security regulations. We employ a variety of best practices and harmonized policies to support compliance with frameworks such as the following.