Seven Basic Security Checks for Evaluating Educational Platforms

Seven Basic Security Checks for Evaluating Educational Platforms

FPF has produced a checklist to assist parents and schools in considering the “basics” of security standards on new ed tech products and services they may be considering or using.  In on-line security, there is unfortunately no “one size fits all” solution, but with so many products and services available, this checklist is designed to provide some initial key triggers of areas that either meet a basic threshold, or might serve as discussion points for further review with the company involved.

Evaluating security standards on any particular product, site, or service can be challenging, and unlike privacy policies, there’s often no “security policy” in one location to review. People who are not security specialists may have a hard time knowing where to start.  This checklist is designed for those who have some familiarity with computers, but are not security or technical specialists, to be able to do some simple tests to see what protections are in place, and help guide their discussion with the company for a more in-depth understanding.

The Seven Steps include:

  • Look for an Encrypted Connection
  • Ensure That Applications Use TLS Between Email Servers
  • Ensure That URLs Do Not Contain Sensitive Information
  • Ensure Sensitive Information Is Not Stored in the Cache or Browser History
  • Ensure That Passwords Are Protected
  • Ensure That the Login and Password Recovery Mechanisms Do Not Reveal Unnecessary Information (e.g. the Existence of an Account)
  • Be Watchful for “Information Leakage”

For each step, we’ve provided a step-by-step process to evaluate the topic area, and additional security resources are also identified for those looking for more detailed guidance. As the checklist says, it does not answer all questions for all situations. A company who complied with all these steps might still have security concerns; a company that does not do every step may still have quite sufficient security in place. We hope this checklist – which can be used as a companion to our Student Privacy Compass Quick Security Tips for Ed Tech Vendors – will simply prove to be a useful resource for schools and parents who want to make an initial review of a product or service and it’s security protections.

Cross-posted with the Future of Privacy Forum website.

Related Resources

  • FPF Perspectives

    FPF Responds to the FTC’s COPPA Policy Statement

    May 19, 2022

    On May 19, 2022, the Federal Trade Commission (FTC) held an open meeting where it approved a policy statement prioritizing enforcement of the Children’s Online…

    Learn More
  • Higher Ed Perspectives

    The Datafication of Student Life and the Consequences for Student Data Privacy

    Apr 11, 2022Kyle M. L. Jones (MLIS, PhD) Indiana University-Indianapolis (IUPUI)

    The COVID-19 pandemic changed American higher education in more ways than many people realize: beyond forcing schools to transition overnight to fully online l…

    Learn More
  • Blog

    So Much Data: Thinking About How We Govern with Data and How We Are Governed by Data in US Higher Education

    Apr 11, 2022Michael Brown, Assistant Professor of Higher Education and Student Affairs, School of Education, Iowa State University

    As a researcher who focuses on how US higher education institutions construct data systems to support students’ success, I find myself having the same conversa…

    Learn More