The SDPC has been extremely successful in bringing the educational technology (EdTech) marketplace and school districts together in addressing student data privacy obligations. As the SDPC continues to expand, the ability to audit and/or certify that providers, and schools, are meeting their security obligations to safeguard data is critical. Currently, there are very few mandated requirements for providers to adhere to specific security benchmarks. Some states have legislated their own set of security requirements. In the absence of any framework or identified benchmarks to audit providers against, it is impossible to certify any application is meeting privacy and security obligations.
The new Global Education Security Standard (GESS) Project Team has been working diligently to develop a matrix/crosswalk of all existing security frameworks and identify a core set of controls applicable to PK-20 data. The group is at a point now that they would like to share this work with industry experts to obtain feedback to further guide their work.