At Education Analytics, we view data stewardship as a responsibility of utmost importance. As a non-profit, data are something we protect, not something we own. Since our inception, we have been committed to using the most up-to-date and advanced technology and industry practices to ensure the continued security of the data entrusted to us by our partners, including school districts and states. Data security is fundamental to our organizational DNA, and data privacy is a core feature of all our products and services. To put these philosophies into practice, we have pursued three certifications as an organization that highlight our commitment towards leading the K-12 education industry when it comes to data security and privacy.

SOC2

In 2022, our organization went through the process of becoming certified in SOC2, which verifies that EA securely manages our partners’ data to protect student privacy and ensure confidentiality. SOC stands for “System and Organizational Controls,” which means the processes (or controls) in place to ensure the security of an IT system or data system, as well as the security of the organization itself.

SOC2 is a certification provided by an external auditor to organizations that have demonstrated their compliance with the five trust principles set forth by the American Institute of CPAs (AICPA), which designed the SOC2 process. EA initiated the SOC2 process in 2021, when we designed the security controls that the audit would assess in 2022. Throughout 2022, we underwent our first annual SOC2 audit process to test those controls in practice, and we received our SOC2 report at the end of 2022. By undergoing the SOC2 audit process, we aimed to achieve and exceed the kinds of processes and best practices that help the field of education remain cutting-edge when it comes to data security, privacy, and confidentiality.

The five trust principles of SOC2 include privacy, security, confidentiality, availability, and processing integrity. Each principle covers a set of internal controls related to different aspects of the organization’s information security approach. Although security is the only required criterion for SOC2 certification, we chose to include controls that demonstrate compliance with all five principles in our SOC2 audit. For more information about how we demonstrated compliance with all five principles, check out this blog highlighting our full SOC2 certification journey.

Each year, we will repeat this auditing process to ensure the continued operational effectiveness and efficiency of the security practices we have in place throughout our entire organization, especially as we continue to grow.

TX-RAMP

Our suite of Ed-Fi enabled products recently received TX-RAMP (The Texas Risk and Authorization Management Program) Level 2 Certification through May 2027. EA’s products with TX-RAMP certification include StartingBlocks, Stadium, Podium, and the Rally Analytics Platform.

TX-RAMP is a Texas Department of Information Resources (DIR) program that reviews security measures taken by cloud products and services that transmit data to Texas state agencies. Education Analytics is certified at Level 2 for TX-RAMP, which is the higher of the two certification levels, and is required for cloud computing services that process, store, or transmit agency data determined to be both confidential and a moderate or high impact information resource.

Our suite of products maintained provisional TX-RAMP certification for more than a year, having previously secured their SOC2 certification. Obtaining full certification recognizes the steadfast commitment that Education Analytics has in leading the industry and protecting our partners when it comes to data security and privacy.

Following our SOC2 certification, TX-RAMP is the second feather in our cap recognizing our cybersecurity framework. We see this as an opportunity to continue earning the trust of our education partners by assuring them of our continued commitment to ensuring the very best security within our product offerings.

Vice President of Information Technology

EA's decision to pursue TX-RAMP certification emerged as a key requirement of Education Analytics' work with the Texas Education Exchange. Certifying Education Analytics' cloud-based products ensures that these products can be offered to local education agencies in Texas served by the Exchange, with all necessary and desired security requirements met.

ISO 27001

We are currently pursuing ISO 27001 certification. Similar in concept to SOC2, ISO 27001 is a process of defining how our organization meets the criteria set forth by the International Organization for Standardization (ISO), and we are undergoing an audit to ensure compliance with the criteria to receive this certification. Receiving SOC2 certification is a necessary and useful step towards ISO 27001 certification, which is a broader international standard for data security. We are also starting to see ISO 27001 certification emerge as a requirement in some Requests for Proposals (RFPs) from our education agency partners – a requirement we strongly support. For 2024-25, our goal is to complete an internal audit and prepare for Stage 1 of the ISO 27001 certification process. We hope to achieve full ISO 27001 certification between 2025 and 2026.

Data security and privacy remain a priority for our organization, and our commitment to securing certifications like TX-RAMP, SOC2, and ISO 27001 enhances our transparency and trust with our partners. We also aim to be a positive influence on the broader K-12 education sector by encouraging the adoption of and adherence to stringent certifications like these for any vendors or service providers.

Interested in learning more about how EA manages its security?

Contact us to learn more about our certification process and how we safeguard student data. Check out our privacy policy to read more about how we make the security and safety of data our primary focus.