App Vetting

The App Vetting Program

Educational applications provide content and tools to help students learn. Most educational applications are created and managed by vendors who do their best to protect the identity of the individuals accessing the system and the data that they generate. However, there are many factors that need to be considered to ensure that each application used in schools is appropriate for students. Software vendors often have not considered student privacy, data security or other safety issues when developing educational software, and thus it is the responsibility of the school or district to ensure that some safeguards for student data are in place. Vetting educational applications, to ensure that a minimum standard of privacy and security is met, provides assurance that the information gathered by these educational applications is being used responsibly.

What is App Vetting?

Several organizations vet “free” educational applications for use in the classroom and employ a variety of simple processes and checklists. Few organizations can thoroughly vet and evaluate any educational application, regardless of price. Vetting an application involves:

  • Knowing what questions to ask to gauge the comprehensive security and privacy policies of the application
  • Knowing where to look for answers in a supplier’s Privacy Policy and Terms of Service Agreement
  • Reading a Terms of Service Agreement
  • Reading a Privacy Policy
  • Contacting the vendor to discuss policy concerns
  • Verifying compliance with data transmission security requirements via testing
  • Testing all application functionality to confirm policy and terms of service statements.

There are nuances in evaluating fee versus free educational software. Free applications are being used in the classroom at K-12 and higher ed institutions quite often. Paid applications may have legally binding contracts to hold a vendor to its data privacy standards. Vendors who provide free applications do not require legally binding contracts and have no obligation to follow any standards. Understanding what free applications are doing with data and how they are safeguarding student information is important. There may not be a contract, but data is still being produced. IMS Global’s App Vetting Program helps to protect teachers and institutions and ultimately students by allowing the institution to understand how data obtained from an app is being used.

What are the benefits of App Vetting?

The IMS App Vetting Program benefits institutions that do not have the time or the resources to thoroughly vet an application. Organizations vetting free applications may only be scratching the surface of understanding data privacy and security. IMS’s App Vetting Program allows institutions to:

  • Save time and money
  • Safeguard against free apps violating student data privacy standards
  • Quickly build a dashboard of approved apps
  • Communicate with developers to clarify issues found in policies or an application’s security

The IMS Global App Vetting Program uses a member-established rubric of criteria for evaluating apps that encompasses data privacy, information security, accessibility and more. While developers of ed tech applications strive to meet the data privacy and security expectations of K-12 and higher ed institutions, using the App Vetting Program allows vendors to refine their products with student data safety in mind, increasing the adoption of their product and ensuring compliance with federal or state privacy laws. The myriad state and federal guidelines and laws regarding student data can be confusing to navigate. Giving suppliers a standard that explains what criteria to meet simplifies the process.

Thoroughly vetting an application can take several hours. The App Vetting Program automates the app vetting process, reducing the time needed to evaluate applications. By developing a rubric containing relevant app vetting criteria and translating the rubric into a machine-readable format (JSON), both K-12 and higher ed institutions can thoroughly vet an application quickly and easily.

What do suppliers need to do?

Suppliers who wish to participate in the App Vetting Program should:

  1. Review the questions in the IMS App Vetting Rubric.
  2. Provide a response to each question; these answers equate to a performance level within the rubric.
  3. All information is then translated into a machine-readable format (JSON) based upon the App Vetting Specification.
  4. Submit the data contained in the JSON for certification via IMS Global’s App Vetting Conformance Certification Process.
  5. Upon obtaining App Vetting Certification, display the IMS Global App Vetting Conformance Certification Badge on the product website.

What do K-12 and Higher Ed institutions need to do?

Institutions that want to participate in the App Vetting Program should:

  1. Agree to use the IMS Global App Vetting Rubric to review educational products in use, thereby signifying the minimum data security and privacy requirements of the institution.
  2. Translate the institution’s required criteria into a machine-readable format (JSON) based upon the App Vetting Specification.
  3. Submit the data contained in the JSON for certification via IMS Global’s App Vetting Conformance Certification Process.
  4. Upon obtaining App Vetting Certification, display the IMS Global App Vetting Conformance Certification Badge on the institution website.

Where to go for more information?

For more information on the rubric and to examine the criteria for the following areas:

  • Availability of Policy
  • Data Collected
  • Third Parties
  • Data Handling
  • Social Interactions
  • Advertising
  • Security
  • Legal
  • Accessibility
  • Mobile
  • Privacy
  • Integrations

 

Availability of Policy
This section of the rubric covers the privacy policy. Specifically, whether a link to the policy exists, where the link is located, when it is presented to the user and how it is formatted.

Data Collected
This section of the rubric covers what data the supplier collects. Specifically, what information a user is required to input and how the user can interact with their own data.

Third Parties
This section of the rubric covers all third-party interactions with the supplier and users' data. This section also addresses the selling or sharing of user data.

Data Handling
This section of the rubric deals with how suppliers handle data with regard to data retention and deletion.

Social Interactions
This section of the rubric covers how social media is managed and used within the app.

Advertising
This section of the rubric covers how the supplier manages advertisements to its users and whether or not there is ad targeting or tracking.

Security
This section of the rubric covers all of the supplier's back-end security policies and practices. Specifically, it addresses encryption, cookies, and authentication.

Legal
This section of the rubric covers all state and federal regulations on student data including COPPA, FERPA, and HIPAA.

Accessibility
This section of the rubric covers accessibility and accommodation standards compliance.

Mobile
This section of the rubric covers mobile application privacy, safety and security.

Privacy
This section of the rubric covers the supplier's efforts to protect Personally Identifiable Information (PII) and user directory information.

Integrations
This section of the rubric covers the privacy, safety and security of third-party integrations.

Contact Us for more information