Student Data Privacy
ManagedMethods is committed to keeping student data private & your district data secure.
ManagedMethods uses API integrations to monitor and control cybersecurity and student safety risks in Google Workspace for Education and Microsoft 365 environments. Because the platform uses APIs, data doesn’t leave your domain. We do not collect or store any sensitive student, staff, or district information.
K-12 school districts use ManagedMethods to help achieve compliance with FERPA, CIPA, and other state and local student data privacy, data security, and cyber safety regulations.
Secure platform infrastructure
ManagedMethods is built on Google Cloud Platform, a leader in Infrastructure as a Service (IaaS) platform security, stability, and scalability. ManagedMethods infrastructure is ISO, AICPA SOC, and FedRAMP Compliant.
We prioritize FERPA & CIPA compliance to safeguard student privacy and maintain a secure online environment.
Student and staff information stored in school information systems are lucrative targets for cybercriminals. At the same time, the most common cause of school data incidents is a simple accidental exposure. District IT teams must have access to sensitive information stored in Google Workspace and Microsoft 365 not only to comply with state and federal regulations but also to protect students and staff.
Phishing is still the #1 threat vector used by criminals to gain access to school user accounts. At the same time, schools are experiencing a sharp increase in malware—including ransomware—attacks. If your district uses Google Workspace for Education and/or Microsoft 365, external threats can access student and staff information through email, file sharing, and risky 3rd party apps.
Unapproved 3rd party SaaS apps present a risk to district data security and student data privacy. Using ManagedMethods, school districts can easily detect and control 3rd party apps connected to their Google and/or Microsoft 365 domain via OAuth.
Phishing and malware attacks can lead to account takeover of your district’s Google Workspace and/or Microsoft 365 accounts. An account takeover is notoriously difficult to detect in cloud applications and can lead to additional cyber risks and data exposure.
Signals by ManagedMethods uses keyword scanning and artificial intelligence to monitor district Google Workspace and Microsoft 365 emails, files, shared drives, and chat apps to detect cyber safety red flags, including:
Partners
We are committed to safeguarding student data privacy through collaborative efforts with educators, parents, and technology providers.
The Student Privacy Pledge is a voluntary but legally binding EdTech industry pledge. Its purpose is to safeguard student privacy regarding the collection, maintenance, and use of student personal information.
As a signatory of the Student Privacy Pledge, ManagedMethods commits that it will not:
The Student Data Privacy Consortium (SDPC) is a collaborative of schools, districts, regional, territory, and state agencies, policymakers, trade organizations, and marketplace providers addressing growing student data privacy concerns in education. SDPC’s vendor marketplace provides technology leaders with a place to find solutions that deliver interoperable solutions with a commitment to privacy.
ManagedMethods also has a direct API integration with SDPC’s approved app list built into our platform. A4L SDPC members can enjoy the benefits of automating sanctioning and/or unsanctioning of OAuth apps using ManagedMethods’ integration with SDPC.
Committed to Student Data Privacy
On December 1, 2020, the FBI, CISA, and the Multi-State Information Sharing and Analysis Center published a Joint Cybersecurity Advisory for K-12 schools. Included in the report are recommendations for districts to consider when evaluating and implementing new edtech tools.
ManagedMethods reiterates the importance of privacy and data security to employees. We also protect personal information with technical, contractual, administrative, and physical security safeguards to protect against unauthorized access, release, or use.
In the event of unauthorized disclosure of data, ManagedMethods will promptly notify users unless specifically directed not to provide such notification by law enforcement officials.
The notification will include the date of the breach, types of information subject to the breach, a general description of what occurred, and the steps ManagedMethods is taking and/or will take to address the breach and mitigate future risk. We will keep all impacted users fully informed until the incident is resolved.
The ManagedMethods platform does not collect or store any personally identifiable, educational, or financial information from customer domains. Metadata that is passed between ManagedMethods and customer domains is encrypted both in transit and at rest.
ManagedMethods reiterates the importance of privacy and data security to employees. We also protect personal information with technical, contractual, administrative, and physical security safeguards to protect against unauthorized access, release or use.
ManagedMethods staff will only log into customers’ service accounts solely to resolve a problem or support issue. In this case, the staff member investigating the problem would have the same access and abilities that a customer admin user has when logged in to the ManagedMethods platform. In all cases, ManagedMethods staff actions will be logged in an audit log.
ManagedMethods uses Google Cloud Platform for storing and maintaining collected data.
The ManagedMethods platform does not collect or permanently store any student, faculty, or staff PII, academic, disciplinary, medical, biometric, financial, etc. data.
ManagedMethods does collect and store information to monitor and maintain the ManagedMethods service to our customers. Such information includes system health and availability, CPU and disk utilization over time, IP addresses for audit logs, etc. The sole purpose of collecting this data is to monitor your service availability and respond to failures to restore the service.
ManagedMethods also aggregates anonymized user data, including document and user metadata, usage and volume statistical information, and other statistics (but not contact information), and may provide such anonymous aggregated data to third parties.
We’re committed to keeping your information safe and secure. To help ManagedMethods provide, maintain, protect and improve our services, ManagedMethods shares information with other partners, vendors, and trusted organizations to process it on our behalf per our instructions, Privacy Policy, and any other appropriate confidentiality, security, or other requirements we deem applicable.
These companies will only have access to the information they need to provide the ManagedMethods service. Current and prospective customers can find information on these partners and service providers we work with by contacting our customer support staff.
ManagedMethods DOES NOT sell or share student PII, academic, disciplinary, medical, biometric, financial, etc. data with third parties for purposes of new product development, studies, marketing, advertising, etc.
ManagedMethods does aggregate anonymized user data, including document and user metadata, usage, and volume statistical information, and other statistics (but not contact information) to help provide, maintain, protect and improve ManagedMethods services, including new product features development. This information may be shared with other partners, vendors, and trusted organizations to process it on our behalf in accordance with our instructions, Privacy Policy, and any other appropriate confidentiality, security, or other requirements we deem appropriate.
These companies will only have access to the information they need to provide the ManagedMethods service. Current and prospective customers can find information on these partners and service providers we work with by contacting our customer support staff.
The ManagedMethods platform does not collect or store any student, faculty, or staff PII, academic, disciplinary, medical, biometric, financial, etc. data.
ManagedMethods does collect and store information to monitor and maintain the ManagedMethods service to our customers. Such information includes system health and availability, CPU and disk utilization over time, IP addresses for audit logs, etc. The sole purpose of collecting this data is to monitor the availability of your service and to respond to failures to restore the service.
ManagedMethods also aggregates anonymized user data, including document and user metadata, usage and volume statistical information, and other statistics (but not contact information).
Any data collected is deleted or de-identified when it is no longer needed, upon expiration or termination of a customer agreement according to the terms of our agreement, or at the direction or request of the educational institution.
Customers may withdraw consent to our processing of personal information at any time. However, withdrawing consent may result in the inability to use some or all of the services.
Contact us
Ready to learn more about ManagedMethods and how we will help your school district comply with federal and state student data privacy, security, and safety regulations?