COMMITTED TO STUDENT DATA PRIVACY & SECURITY

MANAGEDMETHODS IS COMMITTED TO KEEPING STUDENT DATA PRIVATE & YOUR DISTRICT DATA SECURE

iKeepSafe-COPPA-220px
iKeepSafe-CSPC-220px
iKeepSafe-FERPA-220px

ManagedMethods Does Not Collect Personalized Student Data

ManagedMethods uses API integrations to monitor and control cybersecurity and student safety risks in Google Workspace for Education and Microsoft 365 environments. Because the platform uses APIs, data doesn't leave your domain. We do not collect or store any sensitive student, staff, or district information.

K-12 school districts use ManagedMethods to help achieve compliance with FERPA, CIPA, and other state and local student data privacy, data security, and cyber safety regulations.

Partners in Student Data Privacy

Student Data Privacy Page - FERPA COPPA CSPC Certified by iKeepSafe

FERPA, COPPA & CSPC Certified by iKeepSafe

The Internet Keep Safe Coalition© (iKeepSafe) certifies that digital products are compliant with state and federal requirements for handling protected personal information. iKeepSafe helps organizations achieve and maintain FERPA, COPPA, and CSPC compliance through product assessments, monthly monitoring, annual training, and assistance with remediation.

ManagedMethods participates in the iKeepSafe Safe Harbor program. If you have any questions or need to file a complaint related to our privacy policy and practices, please do not hesitate to contact the iKeepSafe Safe Harbor program.

Student Privacy Pledge Signatory

The Student Privacy Pledge is a voluntary but legally binding EdTech industry pledge. Its purpose is to safeguard student privacy regarding the collection, maintenance, and use of student personal information.

As a signatory of the Student Privacy Pledge, ManagedMethods commits that it will not:

  • Collect, maintain, use or share student PII beyond that needed for authorized educational/school purposes, or as authorized by the parent/student
  • Sell student PII
  • Use or disclose student information for behavioral targeting of advertisements or other types of marketing to students
  • Build a personal profile of a student other than for supporting authorized educational/school purposes or as authorized by the parent/student
  • Make material changes to our Privacy Policy without first providing prominent notice to our customers and allowing them choices before using data in a way that is not consistent with the terms initially provided
  • Knowingly retain student PII beyond the time period required to support the authorized educational/school purposes, or as authorized by the parent/student

Student Data Privacy - A4L Student Data Privacy Consortium Member

A4L Student Data Privacy Consortium (SDPC) Approved Vendor

The Student Data Privacy Consortium (SDPC) is a collaborative of schools, districts, regional, territory, and state agencies, policymakers, trade organizations, and marketplace providers addressing growing student data privacy concerns in education. SDPC’s vendor marketplace provides technology leaders with a place to find solutions that deliver interoperable solutions with a commitment to privacy.

ManagedMethods also has a direct API integration with SDPC's approved app list built into our platform. A4L SDPC members can enjoy the benefits of automating sanctioning and/or unsanctioning of OAuth apps using ManagedMethods' integration with SDPC.

Secure Platform Infrastructure

When selecting a third-party technology vendor, infrastructure security is critical. Over the years, many school districts have had student and staff PII exposed due to vendor data breaches.

ManagedMethods is built on Google Cloud Platform, a leader in Infrastructure as a Service (IaaS) platform security, stability, and scalability. ManagedMethods infrastructure is ISO, AICPA SOC, and FedRAMP Compliant.

FERPA & CIPA Compliance for Education

Data Loss Prevention

Student and staff information stored in school information systems are lucrative targets for cybercriminals. At the same time, the most common cause of school data incidents is a simple accidental exposure. District IT teams must have access to sensitive information stored in Google Workspace and Microsoft 365 not only to comply with state and federal regulations but also to protect students and staff.

  • Automate data loss prevention to protect social security numbers, W2s, payment and health information, and more
  • Detect anomalous events that indicate unauthorized access to data
  • Identify when data is being improperly emailed or shared
  • Continuously monitor behavior in Google Workspace and Microsoft 365 and automatically mitigate data security risks

Phishing, Ransomware & Malware Protection

Phishing is still the #1 threat vector used by criminals to gain access to school user accounts. At the same time, schools are experiencing a sharp increase in malware—including ransomware—attacks. If your district uses Google Workspace for Education and/or Microsoft 365, external threats can access student and staff information through email, file sharing, and risky 3rd party apps.

  • Scan internal & external emails for phishing and malware threats in the message body, attachments, and links
  • Automatically quarantine or delete emails and shared files containing phishing and malware links
  • Live email search tool allows you to quickly find and remove known phishing emails from all users’ inboxes

Control 3rd Party Apps

Unapproved 3rd party SaaS apps present a risk to district data security and student data privacy. Using ManagedMethods, school districts can easily detect and control 3rd party apps connected to their Google and/or Microsoft 365 domain via OAuth.

  • Identify which user(s) and Organizational Unit(s) that have connected the apps
  • Investigate app information such as app category, permission scopes, risk level (low, medium, high, and critical), the percentage of other ManagedMethods customers who have sanctioned the app, and the number of OUs and users that have activated the app
  • Automatically detect certain apps and take the desired action to remove, unsanction, and/or warn the users
  • Import sanctioned and/or unsanctioned apps lists to automatically allow or disallow known 3rd party apps

Account Takeover Detection

Phishing and malware attacks can lead to account takeover of your district’s Google Workspace and/or Microsoft 365 accounts. An account takeover is notoriously difficult to detect in cloud applications and can lead to additional cyber risks and data exposure.

  • Protect district Google Workspace and Microsoft 365 from an account takeover with advanced phishing and malware threat protection build for the cloud
  • Easily detect behavior that indicates an account takeover attack is underway, such as multiple unsuccessful logins, logins from foreign locations, and failed multi-factor authentication checks
  • Automatically detect and remediate successful account takeovers using highly customizable policy enforcements

Cyber Safety Signals

Signals by ManagedMethods uses keyword scanning and artificial intelligence to monitor district Google Workspace and Microsoft 365 emails, files, shared drives, and chat apps to detect cyber safety red flags, including:

  • Self-harm
  • Cyberbullying
  • Discrimination
  • Explicit content
  • Threats of violence
  • Child abuse and neglect

ManagedMethods Data Privacy & Security Considerations

On December 1, 2020, the FBI, CISA, and the Multi-State Information Sharing and Analysis Center published a Joint Cybersecurity Advisory for K-12 schools. Included in the report are recommendations for districts to consider when evaluating and implementing new edtech tools.

Here is how ManagedMethods complies with the consideration recommendations outlined in the Joint Cybersecurity Advisory report.

Cybersecurity, response, and remediation practices

ManagedMethods reiterates the importance of privacy and data security to employees. We also protect personal information with technical, contractual, administrative, and physical security safeguards to protect against unauthorized access, release, or use.

In the event of unauthorized disclosure of data, ManagedMethods will promptly notify users unless specifically directed not to provide such notification by law enforcement officials.

The notification will include the date of the breach, types of information subject to the breach, a general description of what occurred, and the steps ManagedMethods is taking and/or will take to address the breach and mitigate future risk. We will keep all impacted users fully informed until the incident is resolved.

Data security practices (e.g., data encryption in transit and at rest, security audits, security training of staff, audit logs)

The ManagedMethods platform does not collect or store any personally identifiable, educational, or financial information from customer domains. Metadata that is passed between ManagedMethods and customer domains is encrypted both in transit and at rest.

ManagedMethods reiterates the importance of privacy and data security to employees. We also protect personal information with technical, contractual, administrative, and physical security safeguards to protect against unauthorized access, release or use.

ManagedMethods staff will only log into customers’ service accounts solely to resolve a problem or support issue. In this case, the staff member investigating the problem would have the same access and abilities that a customer admin user has when logged in to the ManagedMethods platform. In all cases, ManagedMethods staff actions will be logged in an audit log.

Maintenance and storage practices (e.g., use of company servers, cloud storage, or third-party services)

ManagedMethods uses Google Cloud Platform for storing and maintaining collected data.

Types of student data collected

The ManagedMethods platform does not collect or permanently store any student, faculty, or staff PII, academic, disciplinary, medical, biometric, financial, etc. data.

ManagedMethods does collect and store information to monitor and maintain the ManagedMethods service to our customers. Such information includes system health and availability, CPU and disk utilization over time, IP addresses for audit logs, etc. The sole purpose of collecting this data is to monitor your service availability and respond to failures to restore the service.

ManagedMethods also aggregates anonymized user data, including document and user metadata, usage and volume statistical information, and other statistics (but not contact information), and may provide such anonymous aggregated data to third parties.

We’re committed to keeping your information safe and secure. To help ManagedMethods provide, maintain, protect and improve our services, ManagedMethods shares information with other partners, vendors, and trusted organizations to process it on our behalf per our instructions, Privacy Policy, and any other appropriate confidentiality, security, or other requirements we deem applicable.

These companies will only have access to the information they need to provide the ManagedMethods service. Current and prospective customers can find information on these partners and service providers we work with by contacting our customer support staff.

How ManagedMethods uses student data

ManagedMethods DOES NOT sell or share student PII, academic, disciplinary, medical, biometric, financial, etc. data with third parties for purposes of new product development, studies, marketing, advertising, etc.

ManagedMethods does aggregate anonymized user data, including document and user metadata, usage, and volume statistical information, and other statistics (but not contact information) to help provide, maintain, protect and improve ManagedMethods services, including new product features development. This information may be shared with other partners, vendors, and trusted organizations to process it on our behalf in accordance with our instructions, Privacy Policy, and any other appropriate confidentiality, security, or other requirements we deem appropriate.

These companies will only have access to the information they need to provide the ManagedMethods service. Current and prospective customers can find information on these partners and service providers we work with by contacting our customer support staff.

Data de-identification, retention, and deletion practices

The ManagedMethods platform does not collect or store any student, faculty, or staff PII, academic, disciplinary, medical, biometric, financial, etc. data.

ManagedMethods does collect and store information to monitor and maintain the ManagedMethods service to our customers. Such information includes system health and availability, CPU and disk utilization over time, IP addresses for audit logs, etc. The sole purpose of collecting this data is to monitor the availability of your service and to respond to failures to restore the service.

ManagedMethods also aggregates anonymized user data, including document and user metadata, usage and volume statistical information, and other statistics (but not contact information).

Any data collected is deleted or de-identified when it is no longer needed, upon expiration or termination of a customer agreement according to the terms of our agreement, or at the direction or request of the educational institution.

Customers may withdraw consent to our processing of personal information at any time. However, withdrawing consent may result in the inability to use some or all of the services.

Take the Next Step

Ready to learn more about ManagedMethods and how we will help your school district comply with federal and state student data privacy, security, and safety regulations?

© 2024 ManagedMethods

Website Developed & Managed by C. CREATIVE, LLC