KYVC Security Policy
The Web sites and course management system (CMS) servers are hosted at a Tier 1 ISP data center managed by Embanet Corporation in Toronto, Canada. Security is integrated across the entire company, and all processes involving sensitive data have the proper encryption processes in place, for external as well as internal procedures. All Embanet employees have contractual obligations to protect Embanet and KYVC, and Embanet limits access to sensitive information to only that which the employee requires to properly perform his or her job. The KYVC’s hosting services from Embanet include:
- 24/7/365 live monitoring of Embanet’s infrastructure, including a hardware and software combination system to monitor activity on the network for viruses, denial-of-service and hacking;
- multiple Tier 1 Internet bandwidth providers for redundancy;
- daily backups to protect KYVC providers’ courses and intellectual property;
- monthly archiving of information stored off-site; and,
- multiple data centers.
The security infrastructure includes:
- Secure Shell (SSH) for secure FTP transactions;
- Secure Socket Layer (SSL), a protocol for transmitting private data via the Internet, to provide 128-bit data encryption for the SIS, KYVC’s student information system, and all Web forms;
- A custom security protocol created by Embanet that addresses issues such as Encapsulating Security Payload (ESP), Authentication Header (AH), NAT and firewall traversal, and general IP security;
- Provider-based and role-based access permissions for the SIS.
The SIS E-commerce module refers to the online validation and transaction of payment for products and/or services purchased by customers through the partner’s website. This process involves the real time verification and transaction of payment using credit cards via e-Payment Gateway, Link2Gov, and the storage of the transaction information (including confirmation number) within the SIS. However, no credit card information is stored in the SIS.
- Secure connection via 128-bit encryption Secure Socket layer (SSL) both in the SIS and e-Payment Gateway to safeguard sensitive personal information, including credit card number, during online transactions.
- Real-time verification of funds (within 20 seconds).
- Capability to delay payment or return to pay for failed transactions without going through the entire process again.
- Confirmation email notification of userID and password to learners, instructors and designated personnel within same web session.
- Scalable architecture so that future offerings will require very little coding.
- Tracking of confirmation numbers.
- Reconciliation of fund balances & accounts via e-Payment Gateway and Accounts Receivable, which processes the payment.
- Security-Liability issue:
- Link2Gov and e-Payment Gateway:
As a state-contracted vendor and a state portal, these two vendors are responsible for interfacing with credit card payment processing entities and their processes. For added security, credit card information is not stored in the SIS nor on a state government database and only authorized employees have access to credit card number for card processing purposes.
KYVC is a processing agent on behalf of the KYVC Provider Institution and is not liable for any misuse of information involved in transactions.
- KYVC Provider Institution:
As the owner of this project’s content, the KYVC Provider Institution will be responsible for all that is not borne by the two designated vendors: Link2Gov and e-Payment Gateway.
- Link2Gov and e-Payment Gateway:
- The Link2Gov and e-Payment Gateway vendors provide payment validations and transactions.
- Transaction confirmation transmission to the SIS.
- Fund balances via e-Payment Gateway and MARS.
- SSL is highly regarded to be a very safe encryption method, but if a KYVC user is not comfortable entering their credit card information online, they may call KYVC Call Center at 877-740-4357 to find out how they can pay by check or money order. The KYVC Call Center personnel are not allowed to receive credit card information.
KYVC Terms and Conditions of Use
Since the KYVC's course catalog, courses and library electronic databases contain information supplied directly by its partners, the KYVC accepts no responsibility for the opinions and information posted by others. The KYVC disclaims all warranties with regard to information posted on this site, whether posted by the KYVC or any third party; this disclaimer includes all implied warranties of merchantability or fitness. In no event shall KYVC be liable for any special, indirect or consequential damages or any damages whatsoever, including those resulting from loss of use, data or profits, arising out of or in connection with the use or performance of any information posted on this site.
An active user is a holder of a KYVC account that has not been de-activated or deleted. Active users
- are associated with current or future course offerings, and/or
- have logged in and used any part of the KY Virtual eLearning Portal at any time in that fiscal year (July 1 through June 30).
Account holders may not post any defamatory, abusive, profane, threatening, offensive or illegal materials, statements or information. Account holders may not post any information or other material protected by copyright without the permission of the copyright owner. By posting such material, the posting party warrants and represents that it owns the copyright with respect to such material or has received permission from the copyright owner. Using the KYVC environment for unsolicited sales, spam or chain letters is prohibited.
The KYVC reserves the right to determine individual eligibility to receive a KYVC account and to remove account holders in the event of abuse or violation of these terms and conditions of use.