Framework
The Association's focal product is the Edspex Framework, a finite set of attainable control measures for educational agencies and vendors. The Framework aligns to common security and privacy industry practicess, incorporates prominent education sector 'hyperframeworks', and has consideration for state and federal laws pertaining to the use of personal data.
Edspex Domain Areas
The Framework is made up of 15 domain areas. Modelled heavily from common frameworks outside EDU, these areas of focus cover both privacy and security with meaningful breakdown to help adopting organizations and their subjects, as well as marketplace providers, condition to identify, protect, detect, respond, and recover to security and privacy threats and incidents.
- INVENTORY
- GOVERNANCE
- CHOICE AND PARTICIPATION
- DATA SUBJECT RIGHTS
- ACCESS
- AWARENESS AND TRAINING
- SECURITY
- MAINTENANCE
- DATA MANAGEMENT
- LIMITED USE AND COLLECTION
- TRANSPARENCY AND NOTICE
- MONITORING
- INCIDENT MANAGEMENT
- DATA SHARING AND 3rd PARTIES
- COMMUNICATIONS
Dive Deep!
Domain Areas detail ~100 control guidelines, each a potential unique consideration for your organization. Become a Supporter to learn more, its free.