Skip to main content

Setting Expectations on Security Practices

This is the first blog on the new TrustEd Apps Rubrics (self-assessment tools) developed by the 1EdTech community.

As security needs and regulations increase, the 1EdTech community banded together to save everyone time and resources during the educational technology vetting process.

1EdTech’s new TrustEd AppsSecurity Practices Rubric is designed to gather base-level security policies, procedures, and processes to help educational institutions determine if a tool is worth taking a closer look at.

The rubric also gives new edtech suppliers a basic understanding of what is needed and expected by educational institutions regarding security policies and practices and helps established suppliers prepare up-to-date responses to reflect changes in their products.

"Many times, a proposed tool enters the ecosystem because a faculty member returns from a conference and asks to use a tool they have seen. Without going through the entire review process, which can take weeks, we can look it up quickly and get a sense of the tool by using the rubric. If we see the tool has significant accessibility issues or unanswered security questions, we can start a conversation with the vendor or let the faculty know the tool won’t work at our institution,” said Jim Williamson from UCLA. “If the vendors do the work of completing the rubric while not guaranteeing acceptance, they are exponentially more likely to be successful.”

1EdTech members participating in the TrustEd Apps Security Task Force pointed out that this does not replace the more in-depth Higher Education Community Vendor Assessment Tool (HECVAT) but instead is a supplement to the assessment, providing a simpler point of access for new and legacy suppliers.

“This rubric gives us a good baseline of understanding for where the supplier is currently. We may need to dive deeper eventually, but it will help eliminate some of the basic questions that can take a few days to solve over email,” said Jon Werth from Minnesota State Colleges and Universities. “For newer companies, and even older companies just entering the edtech space, this is a nice way to show what is really important and what we all want to see right off the bat.”

“There are hundreds of very small edtech companies coming into the marketplace. Oftentimes, they are a few people with an idea,” added Williamson. “Being able to point newcomers to something less intimidating than the HECVAT can help them get started.”

The new Security Practices rubric complements 1EdTech’s Accessibility, Data Privacy, and Generative AI Data rubrics as effective tools in helping institutions decide which learning resources to include in their trusted ecosystem.

“Data privacy is good to look at in terms of the legal policies in place. The security rubric looks at the technical practices,” said Werth. “We’re looking at the company’s practices when it’s building or maintaining the software, how they handle authentication, and how they manage the services and cloud structure.”

As with all of 1EdTech’s TrustEd Apps rubrics, the security rubric was created and is supported through the collaboration of 1EdTech members in K-12, higher education, and edtech suppliers. Suppliers provide information in the rubric through written evidence and attestations, and any concerns from the community are reported to 1EdTech.

“This work is just getting started,” said Werth. “As more suppliers fill out the rubric, we hope to be able to go into 1EdTech’s product directory to see certifications and rubric results in one place so we can see how each tool fits into our environment.”

“The rubric is also flexible. Campuses generally do not publish their security review findings,” said Williamson. "Because vendors and tools are constantly changing, 1EdTech’s TrustEd Apps Management Suite will display current results, which allows us to point faculty or staff to information that can help explain why tools might not be adopted at our institution.”

Anyone can access and use the TrustEd Apps Security Practices Rubric. Edtech suppliers are encouraged to complete and submit their self-assessments annually. Institutional members should ask their suppliers to complete the assessment to help with any procurement decisions. Results from 1EdTech members' self-assessments will be available to all 1EdTech members in the TrustEd Apps Directory.


About the Author

Kelly Hoyland

Kelly Hoyland serves as the director for higher education at 1EdTech, where she works with members to meet the challenges they face in the rapidly growing and evolving digital teaching and learning landscape. This includes working across K-12, higher education, and corporate education to make life achievements more accessible, personalized, and equitable from the start for every learner.

Kelly began her career in K-12 education, serving as a teacher, virtual school coordinator, and technology director. She then transitioned to higher education as the Director of Learning and Client Technology Services at the University of Wisconsin-Stout, where her department was responsible for supporting academic technology and end-user support. Her focus has been to find ways to use technology to support teaching and learning.

 

Published on 2023-12-07

PUBLISHED ON 2023-12-07

Photo of User
Kelly Hoyland
Director, Higher Education Programs
1EdTech
Help us improve the accessibility of this site by emailing recommendations to web@imsglobal.org