The Information Security Primer for Evaluating Educational Software is a toolkit for people looking to learn more about evaluating the information security practices of educational software. While the primary audience for this document is people interested in running information security tests, our secondary audience includes people who will not be running tests but who want to learn more about what "information security" means.
As the title states, this document is a primer, not a comprehensive guide. We intend for this document to grow and evolve over time. Future versions will include more advanced testing scenarios, but for the initial version, we wanted to provide resources to allow people to learn how to do security reviews safely.
This guide was developed as part of the Common Sense Privacy Program. If you work at a school district and would like to join the consortium of districts working in the United States to help streamline the process of evaluating privacy policies for edtech apps, you can learn more and sign up here.
Tony Porterfield, Jim Siegl, and Bill Fitzgerald are the primary authors of this text.
Girard Kelly, Jeff Graham, Jenny Pritchett, and Omar Khan provided editing support and testing.
Please contact Bill Fitzgerald (email@example.com) with any questions or comments on this primer.
We will also respond -- as time permits -- to issues in the issue queue.
We will be modifying this document over time to keep the tests current and to add tests. If you would like to contribute, please open an issue in the queue and/or make a pull request.
This is released under a Creative Commons Attribution Non-Commercial Share-Alike 4.0 License: https://creativecommons.org/licenses/by-nc-sa/4.0/
Visit the Licensing and Attribution page for complete details.