Your school's data is sacred
Governance, cryptography, tenancy isolation, and operational discipline underpin every Ardent SMS surface — from guardian apps to registrar consoles.
Ghana DPA-aligned posture
Programmes map to Data Protection Act 2012 obligations: transparent purposes, lawful processing, guardian consent artefacts, breach playbooks, and export support for auditors.
Marketing analytics stay behind explicit cookie consent — no covert tracking envelopes.
Operational teams pair consent management with DPIA artefacts so multi-campus trusts can defend processing narratives.
Encryption in transit and at rest
Browser surfaces negotiate TLS 1.3 with modern cipher preferences; Postgres and blob stores inherit provider-managed AES-256 class envelopes.
Employee personally identifiable fields in core workflows use libsodium-backed encryption so delegated operators only unwrap what policy allows.
Secrets for webhooks and service mesh identities rotate through vaulted automation paths instead of spreadsheets.
Granular access control
Role bundles separate registrar, safeguarding, finance, guardian, alumni, and system scopes — each inherits least privilege defaults per campus.
Privileged actions plan for phishing-resistant MFA uplift where break-glass accounts exist.
Tenant isolation is structural: Postgres row-level guarantees stop cross-learning-leak queries at the boundary.
Session choreography invalidates dormant devices while respecting shared lab environments.
Audit and accountability
Configuration deltas, moderation decisions, and financial postings capture WHO/WHEN/WHY payloads suitable for supervisory boards.
Append-only telemetry feeds land in stewarded sinks with retention aligned to Ghana record-keeping norms.
Incident retrospectives reconcile tamper-evident hashes so downstream SIEM partners ingest trustworthy timelines.
Independent security assurance
Third-party penetration tests run at least twice per year with remediation SLAs tracked publicly for enterprise contracts.
Design reviews deliberately cover OWASP Top 10 scenarios including SSRF against webhooks.
Coordinated vulnerability disclosures route through embargo-friendly channels with monetary recognition for critical defects.
Reliability that backs your uptime story
Billable workspaces target a 99.9% uptime commitment with externally published incident communications.
Automated backups snapshot tenant data daily; quarterly restores rehearse ransomware and region-loss outcomes.
Disaster-recovery rehearsals document RTO/RPO envelopes so district-wide boards can attest continuity.