Sharebar?

Data Privacy Seal

IMS Data Privacy Seal

Requirements and Process

 

Overview

In addition to maintaining standards for interoperability, the IMS Global Learning Consortium community strives to ensure that educational technology applications fulfill requirements for privacy and security and assure responsible usage of the information gathered by these applications.IMS Data Privacy Seal of Certification

For suppliers, the IMS Data Privacy Seal certifies that an application satisfactorily completes the rigorous and trusted IMS App Vetting Process, and its ratings on the IMS App Vetting Rubric are fully disclosed and meet a specified level of expectation.

For educational institutions, the IMS Data Privacy Seal certifies that an institution successfully completes training in the IMS App Vetting Process and possesses the necessary skills to vet applications for privacy and security using the IMS App Vetting Rubric. Institutions may seek out suppliers with the IMS Data Privacy Seal. They may require that suppliers without the seal obtain it before procuring those resources and include the requirement for the seal in their contracts and requests for proposals (RFPs). IMS staff collaborates with suppliers to complete the IMS App Vetting Process to address any potential or identified areas of concern.

 

For Suppliers

Certification Requirements for Suppliers

  • Be an App Vetting Alliance, Affiliate, or Contributing Member of IMS Global Learning Consortium.
  • Submit an application for review, which is satisfactorily vetted by IMS staff using the IMS App Vetting Process and the IMS App Vetting Rubric and meets expectations or meets expectations (with reservations) in all areas of the rubric.
  • IMS Contributing Member supplier organizations must complete online or individual training on the IMS App Vetting Process.
  • IMS Alliance and Affiliate Member supplier organizations must complete online training on the IMS App Vetting Process.
  • Collaborate with IMS staff to resolve issues that may arise in the IMS App Vetting Process and/or issues that may arise as the IMS App Vetting Rubric evolves into the future.

Review the levels of IMS Membership available.

Certification Process for Suppliers

  • As a member of the IMS community, the supplier initiates the request for the review of its application to obtain the IMS Data Privacy Seal by contacting appvetting@imsglobal.org.

  • IMS staff receives the request and conducts a thorough review of the application’s Privacy Policy and Terms of Service using the IMS App Vetting Rubric. Likewise, the application should demonstrate compliance with applicable privacy laws (COPPA/FERPA/GDPR). Note that all reviews and scores are posted in the IMS Product Directory for any member of IMS to examine for planning purposes.

  • IMS staff then generates the App Vetting Report to be sent to the supplier that outlines any areas of strength or concern.

  • If the application meets expectations or meets expectations (with reservations) on the IMS App Vetting Rubric, an IMS staff member notifies the supplier of the results and that the requirements for the IMS Data Privacy Seal have been met and awards the seal.

  • For any areas where the supplier meets expectations (with reservations) an IMS staff member reviews those items with the supplier for awareness.

  • Any areas that do not meet the expectations noted in the rubric must be updated in the application’s Privacy Policy and Terms of Service before the seal can be awarded. An IMS staff member notifies the supplier of the results and reviews what needs to be addressed in the application’s Privacy Policy and Terms of Service in order to achieve the seal.

  • Within ten days from the above notification, the supplier must update its policy to address any concerns or issues that were identified in order to obtain the seal.

  • IMS staff sets up a second with the supplier to confirm that all changes are included in the policy and that the supplier fully understands the review process. Once the supplier satisfactorily addresses all concerns and notifies IMS staff of those changes, the seal can be awarded.

  • IMS staff sends a communication to the supplier within seven days with notification of the award of the IMS Data Privacy Seal.

  • The awarded seal is displayed in the IMS Product Directory, and as an IMS member, the supplier may publish that seal on its application website and in marketing materials during the year of its validity.

  • The full review of the application is published in the IMS Product Directory and is only viewable to IMS members.

  • The IMS Community periodically updates the App Vetting Rubric in an effort to improve it to meet the needs of the users and the market. Applications must be vetted again with each new release of the rubric.

  • A review of each application is conducted annually on the date the seal was awarded, and the supplier is notified 60 days prior to its expiration to confirm any changes to the supplier's privacy policies. The renewal of certification must be completed in order to continue publishing the IMS Global Data Privacy Seal.

  • If the application continues to meet all of the requirements, it maintains the current status of the seal. If the application falls short of those expectations, the seal is no longer valid, and IMS staff strive to address those concerns with the supplier. Until the concerns are addressed and the supplier satisfactorily meets all of the requirements for the seal, the supplier must remove all references and images of the seal from its website and marketing materials.

 

For Institutions

Certification Requirements for Institutions

  • Be an IMS Contributing Member.
  • Complete an online or individual training on the IMS App Vetting Process.
  • Conduct a review on an application with an IMS staff member.
  • Conduct a review independently using the IMS App Vetting Process and the IMS App Vetting Rubric.
  • Collaborate with IMS staff to resolve issues that may arise in the IMS App Vetting Process.

Review the levels of IMS Membership available.

Certification Process for Institutions

  • An IMS Contributing Member institution initiates the request for the IMS Data Privacy Seal by contacting appvetting@imsglobal.org.

  • An IMS staff member schedules an online meeting with designated individual(s) for app vetting from the institution to provide an orientation to the IMS App Vetting Process and an overview of the necessary requirements for achieving the IMS Data Privacy Seal. At this time, any additional app vetting goals for the institution are collaboratively reviewed and set. The attendee(s) are shown how to access Contributing Member resources for app vetting, including the IMS Product Directory, the IMS App Vetting Rubric, and online training materials. Finally, a follow-up training session is scheduled.

  • An IMS staff member conducts a virtual training session for the designated individual(s) from the institution that provides a thorough review of an application’s Privacy Policy and Terms of Service using the IMS App Vetting Rubric and an overview of federal privacy laws (COPPA/FERPA). The IMS staff member also answers any questions about the IMS App Vetting Process.

  • The attendee then completes an independent review of an application’s Privacy Policy and Terms of Service using the IMS App Vetting Rubric and submits that review to appvetting@imsglobal.org within 30 days.

  • An IMS staff member notifies the individual from the institution with feedback on the review. If the requirements for the IMS Data Privacy Seal are met per a satisfactory review, the seal is awarded. If any additional information is required, the individual is notified of what areas need attention. The individual is then given ten days from the above notification to update its review to reflect any changes or issues that were identified.

  • Once the individual from the institution satisfactorily addresses any concerns and notifies IMS staff of those changes, the seal can be awarded.

  • A list of institutions that have received the seal is published on the IMS website. IMS Contributing Member institutions may publish the seal on their website or in marketing materials.

  • The IMS Community periodically updates the App Vetting Rubric in an effort to improve it to meet the needs of the users and the market. Applications must be vetted again with each new release of the rubric.

  • A seal must be renewed annually by the date the seal was awarded, and the institution is notified 60 days prior to its expiration to meet the certification requirements. The renewal of certification must be completed in order to continue publishing the IMS Data Privacy Seal.

  • If the institution continues to fulfill all of the requirements, it maintains the status of the seal and receives a new seal for that calendar year. If the institution does not fulfill the certification requirements, the seal expires on the anniversary of the date it was awarded. Until the requirements for the seal are completed, the institution must remove all references and images of the seal from its website and marketing materials.

 

Training for Suppliers and Institutions

  • Online training materials on the IMS App Vetting Process are available for all levels of IMS membership.

  • IMS Contributing Member supplier organizations may be individually trained on the IMS App Vetting Process in order to better meet expectations for data privacy. Please email appvetting@imsglobal.org to schedule training.