Seven Basic Security Checks for Evaluating Educational Platforms

Seven Basic Security Checks for Evaluating Educational Platforms

FPF has produced a checklist to assist parents and schools in considering the “basics” of security standards on new ed tech products and services they may be considering or using.  In on-line security, there is unfortunately no “one size fits all” solution, but with so many products and services available, this checklist is designed to provide some initial key triggers of areas that either meet a basic threshold, or might serve as discussion points for further review with the company involved.

Evaluating security standards on any particular product, site, or service can be challenging, and unlike privacy policies, there’s often no “security policy” in one location to review. People who are not security specialists may have a hard time knowing where to start.  This checklist is designed for those who have some familiarity with computers, but are not security or technical specialists, to be able to do some simple tests to see what protections are in place, and help guide their discussion with the company for a more in-depth understanding.

The Seven Steps include:

  • Look for an Encrypted Connection
  • Ensure That Applications Use TLS Between Email Servers
  • Ensure That URLs Do Not Contain Sensitive Information
  • Ensure Sensitive Information Is Not Stored in the Cache or Browser History
  • Ensure That Passwords Are Protected
  • Ensure That the Login and Password Recovery Mechanisms Do Not Reveal Unnecessary Information (e.g. the Existence of an Account)
  • Be Watchful for “Information Leakage”

For each step, we’ve provided a step-by-step process to evaluate the topic area, and additional security resources are also identified for those looking for more detailed guidance. As the checklist says, it does not answer all questions for all situations. A company who complied with all these steps might still have security concerns; a company that does not do every step may still have quite sufficient security in place. We hope this checklist – which can be used as a companion to our Student Privacy Compass Quick Security Tips for Ed Tech Vendors – will simply prove to be a useful resource for schools and parents who want to make an initial review of a product or service and it’s security protections.

Cross-posted with the Future of Privacy Forum website.

Related Resources

  • Blog

    Talking to Kids About Privacy: Advice from a Panel of International Experts

    May 21, 2021Jasmine Park

    Now more than ever, as kids spend much of their lives online to learn, explore, play, and connect, it is essential to ensure their knowledge and understanding …

    Learn More
  • Blog

    U.S. Department of Education Opens an Investigation into Pasco County’s Predictive Policing Program

    Apr 19, 2021Anisha Reddy and Amelia Vance

    On Friday, the U.S. Department of Education opened an investigation into the data-sharing practices between Florida’s Pasco County sheriff’s office and school …

    Learn More
  • Blog

    Youth Privacy and Data Protection 101

    Apr 1, 2021Jasmine Park and Amelia Vance

    It is estimated that one-third of global internet users are under the age of 18. As digital technologies increasingly mediate nearly all facets of their lives,…

    Learn More