Tassel Turner follows a shared responsibility model common to software as a service platforms. While the infrastructure and workload responsibilities are sustained by us, users are necessarily responsible for other areas of the platform, specifically in regard to the ownership of data, user consent, and freedom of information laws.
|Tassel Turner Responsibilities||Shared Responsibilities||Client Institution Responsibilities|
|Infrastructure, network, and software security|
Platform availability and reliability
Data storage, encryption, and backups
Platform software releases and patch deployments
|Business processes such as incident management or validation testing|
Configuring DNS records for platform domains and mail servers
Servicing data rights requests
|All data created, imported, generated, uploaded, and exchanged while using the platform|
Application access controls and security settings
User authentication and identity management
Software integrations with third party services
Data retention and destruction policies
Tassel Turner provides all the tools you need to uphold your institution’s compliance responsibilities with safe secure defaults and flexible customization options.
Tassel Turner supports the data rights of all users out of the box through a variety of data management features. Students, staff, guests, partners, and all other identifiable users of the platform have the following rights:
Note that the exact implementation of data rights features will depend on how you or the system administrator configures Tassel Turner.
Tassel Turner is fully hosted on Amazon Web Services (AWS). AWS has a proven track record providing secure services to enterprise customers and governments, and complies with an extensive catalog of standards.
Unlike many platforms, Tassel Turner uses no additional hosting or third party web services outside the AWS environment, minimizing the risks of data exposure and consolidating privacy controls around the smallest surface possible.
Platform deployments on Tassel Turner are completely independent from each other and utilize no shared resources such as databases or cloud storage. The platform architecture ensures sure your data is strictly segregated both logically and physically.
We apply comprehensive safeguards to all Tassel Turner organizational and technical operations, and have designed our services to facilitate governance across various laws and frameworks that apply to the regulatory landscape of higher education.
In general terms of data privacy Tassel Turner can be considered a data processor or data custodian.
Although there are many regional privacy standards they are broadly aligned in their scope and mandate. Regardless of the location of a university or end user, we apply the strictest prevailing responsibilities and aim to fulfill the requirements of the following regulations.
Tassel Turner is designed and operated in compliance with the most broadly recognized security frameworks pertinent to software as a service (SaaS) providers. We use a harmonized framework covering the following standards:
Tassel Turner can potentially undertake a wide range of responsibilities depending on how you adopt the platform and which institutional frameworks you already have in place.
The specifics of information management systems will differ in their implementation, as well as overlap with common privacy and security regulations. We employ a variety of best practices and harmonized policies to support compliance with frameworks such as the following.