Wisr Security and Data Compliance


  • Wisr is cloud-hosted through Amazon Web Services at the AWS U.S. East site. More information available at https://aws.amazon.com/security/.
  • Wisr's data is encrypted at rest using a PBKDF2 algorithm with a SHA256 hash. All data is transmitted over SSH and SSL/TLS. Wisr is HTTPS only.
  • Wisr's database is managed through Heroku, using SSL connections only. More information available at https://www.heroku.com/policy/security.
  • Access to AWS compliance documentation, including ISO and SOC are available here.
  • Wisr is a GDPR compliant vendor, acting as a processor of data on behalf of the university. Here is a copy of our latest privacy policy.
  • Wisr is WCAG 2.0 AA Compliant
  • All Wisr employees are background checked, with company-issued laptops that are encrypted with a company managed password system, in addition to being trained in our information security policy and incident response plan.
  • Wisr creates full backups of the database daily and writes all transactions using write-ahead logs. This enables us to achieve a realtime recovery point objective, and a recovery time objective to restore full production environments within 24 hours in the event of a disaster.
  • Wisr carries a cyber-risk insurance policy of $1m per incident.
  • Wisr does not handle PCI or PHI regulated data.

EDUCAUSE IT Vendor Assessment


WCAG VPAT - Accessibility Checklist

Wisr WCAG VPAT Checklist

Wisr Info Sec Policy

Download Wisr Information Security Policy

IT Implementation Requirements

For an overview of our implementation project, check out these articles in our Technical Setup collection.

While IT's implementation requirements are minimal, the following items can require their support (often in conjunction with the Data or Advancement Services Team):

  • Wisr needs 5 data fields in a CSV file to pre-authorize network access for members: First Name, Last Name, Email Address (for invitations to join), Unique Identifier or Database Key (typically the ID used for member records in Advance or Raiser's Edge, for example), and Member Type.
  • Whitelisting Wisr's email invitation domain to improve email invitation deliverability for members with your school.edu email addresses (typically students, staff, and faculty). See our article on Email Deliverability for more information on what domains we need to be whitelisted ahead of launch.
  • The university owns the data hosted in Wisr's system and can extract reports at any time. To set up a custom reporting cadence, reach out to your customer success manager using the contact form on this page.

Still need help? Contact Us Contact Us