Last Updated October 2020

ApplyProof is an innovative solution that supports international students who are applying for a Canadian study permit. This secure, digital lockbox enables both immigration stakeholders, institutions, and students to be assured about the authenticity of an official document by viewing the digitally signed original securely online.

A stand-alone platform developed by ApplyBoard, Canada’s education technology leader, ApplyProof ensures and reassures trust in international student documents. Secure and efficient authentication of documents is now reliably a click away with minimal integration required for users.

Enhanced Security

ApplyProof is constantly evolving its security programs to meet the latest industry-standard security, or better. Our systems include redundant access controls to prevent the possibility of a single human error or a single vulnerability in a security vendor from exposing any data in our care. 

ApplyProof is constantly evaluating and enhancing its compliance programs to meet evolving local and international compliance standards. As compliance standards evolve in multiple jurisdictions, ApplyProof’s compliance is monitored through proactive reviews. Enhancements will be implemented when required. ApplyProof is hosted entirely in Canada. 

ApplyProof security is independently rated and consistently ranks among the top educational organizations globally.   

Summary 

  • By design, multiple information security system controls maintain the confidentiality of uploaded data.
  • Access to systems, data, and data centers is restricted to authorized personnel only.  ApplyProof adheres to Canadian (PIPEDA and provincial) compliance standards and is in the process towards full GDPR compliance.
  • Installation and management of software are conducted by qualified SaaS operations technicians. Only approved and licensed software is installed within the SaaS environment.
  • ApplyProof requires the use of multiple access keys, controlled, and distributed by the Originators of the data (Data Subject).
  • All institutional users are educated on the operation of ApplyProof. 
  • Infrastructure configurations may only be modified by approved technicians during approved maintenance windows, using a strict change-control process. 
  • The change-control process requires a review by the Security team to ensure that application and infrastructure changes meet local and international IT security standards, and do not expose environments to additional risk.
  • Data, consistently backed up to safeguard documents is stored on secure encrypted cloud storage.
  • Weekly Vulnerability and penetration testing, as well as security-code reviews, are routinely performed as part of the Vulnerability Management program. This ensures our ability to prevent and protect against unwanted attacks. An annual penetration test is also completed by a leading third-party security vendor.
  • Independent third-party real-time monitoring ensures new vulnerabilities are identified and mitigated.  Independent monitoring also ensures Network, DNS, Firewall, and server configurations are properly secured to protect against new and evolving hacking techniques.