Role-based access control
Built-in roles, 80+ granular permissions and per-user overrides. Every screen and action is gated; the right people see exactly what they should.
ez.school is built on a true enterprise security foundation: role-based access, activity logs, encryption, consent and strict per-institution isolation — so institutions can adopt it with confidence.
| Actor | Action | When |
|---|---|---|
| Admin | Published marksheet — Term I | 2m ago |
| Teacher | Marked attendance — IX-A | 14m ago |
| Accounts | Recorded fee receipt | 31m ago |
| Registrar | Issued transfer certificate | 1h ago |
A clear, layered model — so your security review is predictable, not a guessing game.
Built-in roles, 80+ granular permissions and per-user overrides. Every screen and action is gated; the right people see exactly what they should.
Sensitive actions are logged with who/what/when. Active sessions are visible and revocable, with forced password change where required.
TLS for all traffic and encrypted storage for data and documents. Secrets and credentials are never exposed to non-owner roles.
An explicit consent ledger for sensitive data (e.g. biometric attendance). No consent, no capture — recorded and revocable per person.
Every institution runs on its own isolated database. Access across institutions is impossible by design and verified at every layer.
Attendance and exam periods can be locked and payroll-frozen. Locked records reject edits — even via approvals — preserving an audit baseline.
Regular backups with recovery practices suited to institutional continuity, so a bad day never becomes a lost term.
Certificates and ID cards carry signed QR codes anyone can verify — institution-specific, revocation-aware and rate-limited.
Share with your committee or review team — control areas and how ez.school covers them.
| Control area | Coverage in ez.school |
|---|---|
| Access control | Role-based privilege defaults for admins, staff, students and parents; per-user overrides. |
| Audit & monitoring | Logs for critical actions (logins, edits, issuance) suitable for investigations and reviews. |
| Data protection | Encryption in transit (TLS) and at rest for stored records and documents. |
| Data privacy | Consent ledger for sensitive capture; secret values write-only and redacted from non-owner roles. |
| Institution isolation | A dedicated database per institution; requests across institutions are rejected; ownership is enforced on every record. |
| Backup & recovery | Regular backups and recovery practices aligned to institutional continuity needs. |
| Identity integration | Optional SSO and directory alignment for campus-wide identity. |
Specific certification needs? Talk to us about your jurisdiction and review requirements.
What is supported in the product today, where our controls map to a framework, and what formal attestation is underway.
Consent ledger, data-subject and retention workflows in product
Purpose-limited capture, consent and revocation in product
Per-institution isolation with region options
Controls mapped to the standard
Formal third-party attestation planned
Statuses are current and updated as attestations complete — we never list a certification we have not been awarded.
Most multi-tenant school software keeps every customer in shared tables and relies on a filter — one missing clause away from showing another school's students. ez.school takes the stricter path: every institution runs on its own dedicated database. There is no shared student table to filter, no cross-institution query to get wrong. A request from one institution physically cannot read another's records.
This is also why groups trust the platform: each campus is isolated from its siblings by the same mechanism that isolates it from strangers — while reporting stays comparable because every campus runs the same model.
RFP security sections, review checklists, jurisdiction-specific questions — send them as they are.
A walkthrough maps each answer to the live control — roles, audit trails, locks — not to a slide.
You leave with the control checklist, isolation explanation and posture statements your committee needs.
Mention “security review” when you contact us and your questionnaire takes the fast lane.
Bring your security checklist — we'll walk through the controls on real screens.