Sharebar?

TrustEd Apps Seal Supplier Requirements

IMS TrustEd Apps Seal

SUPPLIER

Data Privacy Certification Requirements and Process

IMS TrustEd Apps Seal of Data Privacy Certification

Certification Requirements for Suppliers

  • Must be an IMS Contributing Member, Affiliate, or TrustEd Apps Alliance member organization
  • Submit an application for review, which is satisfactorily vetted by IMS staff using the IMS TrustEd Apps vetting process and the IMS TrustEd Apps Rubric and meets expectations or meets expectations (with reservations) in all areas of the rubric.
  • IMS Contributing Member supplier organizations must complete online or individual training on the IMS TrustEd Apps vetting process.
  • IMS Alliance and Affiliate Member supplier organizations must complete online training on the IMS TrustEd Apps vetting process.
  • Complete a self-assessment to ensure that the application meets the required data privacy criteria set forth in the IMS TrustEd Apps Rubric.
  • Collaborate with IMS staff to resolve issues that may arise in the IMS TrustEd Apps vetting process and/or issues that may arise as the IMS TrustEd Apps Rubric evolves into the future.

Review the levels of IMS Membership available.

Certification Process for Suppliers

  • As a member of the IMS community, the supplier initiates the request for the review of its application to obtain the IMS TrustEd Apps Seal by contacting TrustEdApps@imsglobal.org.

  • IMS staff receives the request and conducts a thorough review of the application’s Privacy Policy and Terms of Service using the IMS TrustEd Apps Rubric. Likewise, the application should demonstrate compliance with applicable privacy laws (COPPA/FERPA/GDPR). Note that all reviews and scores are posted in the IMS Product Directory for any member of IMS to examine for planning purposes.

  • IMS staff then generates the TrustEd Apps vetting report to be sent to the supplier that outlines any areas of strength or concern.

  • If the application meets expectations or meets expectations (with reservations) on the IMS TrustEd Apps Rubric, an IMS staff member notifies the supplier of the results and that the requirements for the IMS TrustEd Apps Seal have been met and awards the seal.

  • For any areas where the supplier meets expectations (with reservations) an IMS staff member reviews those items with the supplier for awareness.

  • Any areas that do not meet the expectations noted in the rubric must be updated in the application’s Privacy Policy and Terms of Service before the seal can be awarded. An IMS staff member notifies the supplier of the results and reviews what needs to be addressed in the application’s Privacy Policy and Terms of Service in order to achieve the seal.

  • Within ten days from the above notification, the supplier must update its policy to address any concerns or issues that were identified in order to obtain the seal.

  • Complete a self-assessment to ensure that the application meets the required data privacy criteria set forth in the IMS TrustEd Apps Rubric.

  • IMS staff sets up a second meeting with the supplier to confirm that all changes are included in the policy and that the supplier fully understands the review process. At this time a review of the supplier’s performance on the self-assessment of the application will also be conducted by IMS staff. Once the supplier satisfactorily addresses all concerns and notifies IMS staff of those changes and successfully completes the self-assessment, the seal can be awarded.

  • IMS staff sends a communication to the supplier within seven days with notification of the award of the IMS TrustEd Apps Seal.

  • The awarded seal is displayed in the IMS Product Directory, and as an IMS member, the supplier may publish that seal on its application website and in marketing materials during the year of its validity.

  • The full review of the application is published in the IMS Product Directory and is only viewable to IMS members.

  • The IMS Community periodically updates the IMS TrustEd Apps Rubric in an effort to improve it to meet the needs of the users and the market. Applications must be vetted again with each new release of the rubric.

  • A review of each application is conducted annually on the date the seal was awarded, and the supplier is notified 60 days prior to its expiration to confirm any changes to the supplier's privacy policies. The renewal of certification must be completed in order to continue publishing the IMS TrustEd Apps Seal.

  • If the application continues to meet all of the requirements, it maintains the current status of the seal. If the application falls short of those expectations, the seal is no longer valid, and IMS staff will strive to address those concerns with the supplier. Until the concerns are addressed and the supplier satisfactorily meets all of the requirements for the seal, the supplier must remove all references and images of the seal from its website and marketing materials.

 

Training for Suppliers and Institutions

  • Online training materials on the IMS TrustEd Apps vetting process are available for all levels of IMS membership.

  • IMS Contributing Member supplier organizations may be individually trained on the IMS TrustEd Apps vetting process in order to better meet expectations for data privacy. Please email TrustEdApps@imsglobal.org to schedule training.