Hello World CS maintains an information security program that is modeled on both CIS and NIST frameworks. Hello World CS stores the minimal amount of restricted data / PII required to operate the platform. This is limited to student first and last name, student school identifiers, and section enrollments. All restricted data / PII is stored on the Google Cloud Platform (GCP) and is encrypted in transit and and rest. A policy of least privilege is used to limit access to this data.
The Hello World CS platform is built on a cloud native serverless architecture hosting in Google Cloud Platform (GCP). All servers and infrastructure supporting our platform are maintained by GCP. Our platform follows GCP best practices for security, including network configuration and encryption. All container images running Hello World CS software are scanned for vulnerabilities, regularly updated (at least monthly), and can be updated and deployed within hours upon discovery of a vulnerability.