Sharebar?

IMS TrustEd Apps Rubric

IMS TrustEd Apps Rubric

The IMS TrustEd Apps program has designed a rubric that covers the base set of questions that K-12 districts and higher ed institutions need to ask when vetting an application. This program established a base set of questions to develop a rubric by aggregating a list of questions from different K-12 districts and higher ed institutions that vet applications for student data privacy. The program also looked at criteria set by other organizations that vet applications for their student data privacy practices. To establish this base set of "must ask" questions, the program compared all of the questions that were collected from the K-12 districts, higher ed institutions, and other organizations and pulled out all of the questions that were similarly being asked in each. 

The rubric is used by IMS in the Certified Product Directory to vet applications and produce reports. These detailed reports are available to IMS Members. The rubric addresses information and criteria for the following areas:

Data Collected

Does Not Meet Expectations Meets Expectations (Reservations) Meets Expectations
This section of the rubric covers what data the supplier collects. Specifically, what information a user is required to input and how the user can interact with their own data. The policy does not meet the criteria established by the rubric. The policy is unclear as to what it may or may not do as established by the criteria in the rubric. The policy fully meets or exceeds the criteria established by the rubric.

Security

Does Not Meet Expectations Meets Expectations (Reservations) Meets Expectations
This section of the rubric covers all of the supplier's back-end security policies and practices. Specifically, it addresses encryption, cookies, and authentication. The policy does not meet the criteria established by the rubric. The policy is unclear as to what it may or may not do as established by the criteria in the rubric. The policy fully meets or exceeds the criteria established by the rubric.

Third-Party Data Sharing

Does Not Meet Expectations Meets Expectations (Reservations) Meets Expectations
This section of the rubric covers all third-party interactions with the supplier and user’s data. This section also addresses the selling or sharing of user data. The policy does not meet the criteria established by the rubric. The policy is unclear as to what it may or may not do as established by the criteria in the rubric. The policy fully meets or exceeds the criteria established by the rubric.

Advertising

Does Not Meet Expectations Meets Expectations (Reservations) Meets Expectations
This section of the rubric covers how the supplier manages advertisements and whether or not there is ad targeting or tracking. The policy does not meet the criteria established by the rubric. The policy is unclear as to what it may or may not do as established by the criteria in the rubric. The policy fully meets or exceeds the criteria established by the rubric.

The full rubric may be reviewed by visiting the Data Privacy Specification.


Optional Extensions

Occasionally, an institution may have additional needs or requirements. The following optional extensions can be used with the TrustEd Apps Rubric to provide additional information and criteria:

Availability of Policy

This section of the rubric covers the privacy policy. Specifically, whether a link to the policy exists, where the link is located, when it is presented to the user, and how it is formatted.

Data Handling

This section of the rubric deals with how suppliers handle data with regard to data retention and deletion.

Social Interactions

This section of the rubric covers how social media is managed and used within the app.

Legal

This section of the rubric covers all state and federal regulations on student data including COPPA, FERPA, and HIPPA.

Accessibility

This section of the rubric covers accessibility and accommodation standards compliance.

Mobile

This section of the rubric covers mobile application privacy, safety & security.

Integrations

This section of the rubric covers the privacy, safety, and security of third-party integrations.

Feedback or questions about the rubric may be sent to TrustEdApps@imsglobal.org.