Release V1.1 Draft to publish in September!


Framework

image2

 The Association's focal product is the Edspex Framework, a finite set of attainable control measures for educational agencies and vendors. The Framework aligns to common security and privacy industry practicess, incorporates prominent education sector 'hyperframeworks', and has consideration for state and federal laws pertaining to the use of personal data.  

Edspex Domain Areas

The Framework is made up of 15 domain areas. Modelled heavily from common frameworks outside EDU, these areas of focus cover both privacy and security with meaningful breakdown to help adopting organizations and their subjects, as well as marketplace providers, condition to identify, protect, detect, respond, and recover to security and privacy threats and incidents.

  1. INVENTORY
  2. GOVERNANCE 
  3. CHOICE AND PARTICIPATION 
  4. DATA SUBJECT RIGHTS 
  5. ACCESS 
  6. AWARENESS AND TRAINING
  7. SECURITY
  8. MAINTENANCE 
  9. DATA MANAGEMENT
  10. LIMITED USE AND COLLECTION 
  11. TRANSPARENCY AND NOTICE
  12. MONITORING 
  13. INCIDENT MANAGEMENT
  14. DATA SHARING AND 3rd PARTIES 
  15. COMMUNICATIONS

Dive Deep!

Domain Areas detail ~100 control guidelines, each a potential unique consideration for your organization. Become a Supporter to learn more, its free. 

Find out more

Framework