SDPC has released the Global Education Security Standard (GESS)

SDPC has released the Global Education Security Standard (GESS), the first international data security standard focused on the education sector

In a significant development, the Student Data Privacy Consortium (SDPC) has unveiled the Global Education Security Standard (GESS), the first-ever international data security standard tailored specifically for the education sector. The announcement was made during the annual Privacy & Interoperability Symposium. The GESS is the result of collaborative efforts by a multinational team committed to enhancing cybersecurity in education. The SDPC, a Special Interest Group of the non-profit Access 4 Learning (A4L) Community, has successfully brought together educational technology (EdTech) stakeholders and educational institutions worldwide to address student data privacy obligations.

Over the past 18 months, the SDPC Project Team has synthesized security, privacy, and child safety requirements from the USA, Europe, New Zealand, and Australia. By drawing on existing international standards, they have developed a set of controls that can be implemented by the education sector to drive adoption and compliance across various applications used in schools globally. The GESS builds upon the work of the Safer Technologies 4 Schools project in Australia.

The GESS aims to establish a unified standard supported by education authorities globally, fostering productive conversations between software vendors and education providers to ensure student and school community safety. Key benefits include a centralized repository of controls shared by education bodies worldwide, reduced compliance burdens for software vendors, and a strong message to the software industry regarding the importance of security and privacy in education data.

The GESS is expected to advance the international EdTech community towards shared expectations and solutions for securing education data while meeting privacy obligations. By providing an open portal, the GESS allows the Pk-20 community to explore identified controls, filter them by frameworks or jurisdictions, and download sets of controls and assessment questions to aid compliance. The A4L Community will soon offer a self-assessment tool for tracking compliance with GESS.

In related news, the SDPC is preparing to release version 2 of the National Data Privacy Agreement (NDPA) in the US, which will include compliance with GESS as an option. This update will further streamline the onboarding process for safe EdTech applications in the US. Feedback from the software industry and education sector on the GESS is encouraged, ensuring ongoing refinement and relevance in the pursuit of robust security and privacy practices.