Security at Instructional Partner

Instructional Partner uses administrative, technical, and organizational controls to protect district, educator, and student-related information in the platform.

Our current security program includes tenant-aware access controls, authentication hardening, structured logging, rate limiting on public endpoints, and role-aware application flows.

Access to organization data is scoped through tenant membership and authenticated API access. Administrative actions are separated from standard teacher workflows.

We are rolling out additional step-up protections for privileged administration, including multi-factor authentication for elevated access paths.

Instructional materials, uploaded files, generated outputs, and workflow artifacts are handled through application-layer controls designed to limit unnecessary exposure of sensitive information.

Where possible, the platform prefers reusable structured instructional context and pseudonymous processing over repeated handling of raw student-identifiable content.

Uploaded instructional resources are converted into tenant-scoped Transfer Blocks, and rights metadata can be captured to support attribution, traceability, and safer generation constraints without blocking teacher workflows.

The platform records structured application events to support troubleshooting, security review, and operational investigation.

We are continuing to expand audit logging coverage for privileged and sensitive actions as part of our security roadmap.

Instructional Partner is deployed on managed cloud infrastructure and relies on cloud-provider physical and environmental protections as part of the shared responsibility model.

Our security roadmap includes continued improvement of alerting, backup validation, encryption evidence, and infrastructure hardening documentation.