This article is produced with scandiweb's eCommerce expertise

Collaborate with our development, PPC, SEO, data & analytics, or customer experience teams to grow your eCommerce business.

Hire us now

See our services

Browse the portfolio

Hire us

Our services

See portfolio

Teka Arveladze

Project Manager
Mar 03, 2026
7 min read
Pimcore
Case Studies
Technology

Securing Millions of Student Records in a Future-Ready Pimcore MDM Foundation

Related Services

Managing millions of records across thousands of institutions introduces requirements that extend beyond traditional eCommerce infrastructure. 

For organizations operating in regulated environments, legacy systems often carry invisible pressure points such as hardcoded logic no one wants to touch, fragile workflows patched over time, insecure data exchanges, asset storage scattered across outdated file systems, and compliance requirements that the current platform simply cannot meet.

Modernizing such a system requires replacing its backbone without disrupting daily operations or compromising sensitive data. 

Read how scandiweb delivered a Pimcore-based Experience Portal and Master Data foundation within six months, structured to address critical security gaps, support ST4S compliance, and establish the groundwork for centralized Master Data Management (MDM). 

About

Advanced Life is one of Australia’s leading school photography providers, serving thousands of schools nationwide. The company manages large volumes of sensitive student and staff data, as well as portraits, identification materials, and related services.

Data security, compliance, asset management, and workflow efficiency directly impact schools, administrators, and families. As regulatory requirements tightened and their legacy system aged, modernization became strategically critical.

Project goals

Advanced Life’s custom-built school portal had reached a point where security exposure, regulatory pressure, and architectural limitations could no longer be ignored. Serving thousands of schools and managing millions of student and staff records had made system fragility a business risk. We aimed to:

  • Replace a vulnerable custom-built legacy portal with a secure, modern platform
  • Eliminate critical security risks and implement SSO-enabled access control
  • Enable alignment with ST4S regulatory requirements
  • Improve how sensitive student data and portrait assets are managed and accessed
  • Replace manual, email-based workflows with secure portal-based processes
  • Introduce structured data modeling through Pimcore while keeping the existing client database intact during the MVP phase
  • Deliver a scalable architecture that could evolve into a centralized MDM system
  • Future-proof the infrastructure.

The main objective was to eliminate critical vulnerabilities, align with new compliance standards, and establish a foundation for future ecosystem growth, marking the first step in Advanced Life’s broader digital transformation.

Problem

Security exposure and fragile architecture

The legacy portal was custom-built and no longer aligned with modern security standards. Vulnerabilities that might be manageable in smaller systems became significant risk factors for Advanced Life.

With thousands of schools and millions of student and staff records, any breach scenario would carry serious consequences. The existing platform lacked structured access control, modern SSO capabilities, and best-practice security architecture. At the same time, new Australian regulations required ST4S compliance, something the legacy system could not support.

Advanced Life’s custom-built system had accumulated hardcoded features and tightly coupled logic, making enhancements difficult to implement and introducing risks with any changes. The platform was not maintainable, flexible, or future-proof.

Inefficient asset management

Student portraits and related assets were stored in inefficient file systems without centralized governance, creating structural weakness for an organization managing millions of image assets:

  • Operational friction
  • Limited visibility
  • Increased security exposure
  • Difficulty scaling workflows.

Due to limitations in the underlying data structure, some schools transmitted sensitive student data via email attachments. This workaround exposed a deeper issue: the system architecture did not adequately support secure, structured data exchange.

Modernizing without rewriting the database

Perhaps the most significant constraint was that the client’s existing database could not be altered during the MVP phase. The new platform had to be layered intelligently on top of the existing data source, with mapped data modeling inside Pimcore, introducing structure without destabilizing the system.

Approach

Our priority was risk elimination, alignment with compliance, and architectural control, delivered without disrupting live school operations or rewriting the client’s core database.

First, we needed clarity on three things:

  • Where the real security risks sat
  • Which workflows were structurally fragile
  • What could be modernized safely without destabilizing the ecosystem.

The legacy portal was custom-built and deeply intertwined with the client’s existing database, so the strategic decision was to avoid a destructive rewrite and instead introduce a controlled modernization layer that could gradually evolve into a centralized Master Data backbone.

From kickoff to production go-live, the entire transformation was delivered in six months. The timeline included:

  • Discovery and architecture planning
  • Data mapping and model structuring
  • Portal development
  • Security implementation.

Layered architecture with Pimcore

One of the most important architectural constraints was that the client’s existing database could not be modified during the MVP phase. Instead of attempting to clean, restructure, or migrate millions of records upfront, we:

  • Mounted the existing client database directly to Pimcore
  • Carefully mapped existing data elements
  • Designed a structured and manageable target data model within Pimcore.

In practice, this meant building a new architectural layer capable of interpreting inconsistent legacy data and presenting it in a structured format.

We intentionally designed the platform as the first phase of a broader MDM strategy. Pimcore was implemented as a structured data modeling layer and a future-ready data governance system that can absorb future integrations, enhancements, and model modernization.

Eliminating security risks

Advanced Life’s legacy system lacked modern best-practice security architecture and could not meet ST4S compliance requirements. To eliminate exposure and align with regulatory standards, we implemented:

  • Entra ID for secure admin authentication
  • AWS Cognito for school user authentication
  • Single Sign-On capabilities
  • VPN whitelisting for the admin panel
  • Australian IP restrictions for school portal access.

These measures introduced structured identity management and tightened access control without creating friction for end users. Notably, the chosen tools were compatible with the system architecture and aligned with the client’s budget considerations, ensuring compliance without unnecessary cost escalation.

Replacing fragile workflows

The new Pimcore Experience Portal replaced workarounds of email-based transmission of sensitive student data with safe, scalable processes:

  • Secure batch downloading capabilities
  • Controlled image uploads
  • Structured data editing interfaces
  • Custom export logic with tailored file naming conventions
  • Integrated ID card ordering workflows.

Previously, student portraits and related assets were stored in inefficient, fragmented file systems without centralized oversight. We introduced a structured asset management layer within Pimcore that centralized image governance, reduced reliance on insecure file storage, and prepared the system for long-term scalability.

The MVP was designed as a proof point, demonstrating that Advanced Life could transition from fragile custom infrastructure to secure, structured architecture. With the new platform in place, security risk is controlled, compliance alignment is enabled, data modeling is structured, and infrastructure is future-proofed. The foundation now exists to evolve toward complete Master Data centralization in the upcoming phases.

Results

Within only a few months, Advanced Life replaced a vulnerable custom-built legacy portal with a secure platform designed for national scale.

The transformation was delivered without modifying the existing client database during the MVP phase and without disrupting live operations across thousands of schools.

Immediate impact – the elimination of critical security risks. The new architecture introduced modern SSO-enabled authentication, structured access control, and controlled admin governance, resolving exposure points that previously left the system vulnerable. At the same time, the platform now supports alignment with ST4S regulatory requirements, removing a major compliance barrier.

Asset management moved from inefficient and fragmented file systems to a centralized layer within Pimcore. Manual and fragile workflows were replaced with secure, portal-based processes. Schools no longer rely on informal or insecure data exchange methods. Instead, structured uploads, downloads, and data editing capabilities provide predictable, governed interaction within a controlled environment. 

Strategically, the new platform positions Advanced Life as a market leader, with the project setting a benchmark for modernizing sensitive, high-volume ecosystems.

If your organization is operating on fragile custom infrastructure, waiting increases risk. scandiweb helps B2B organizations and B2C omnichannel retailers modernize digital ecosystems in controlled, measurable phases. Let’s discuss your transformation roadmap.

If you enjoyed this post, you may also like