The Association's focal product is the Edspex Framework, a finite set of attainable control measures for educational agencies and vendors. The Framework aligns to common security and privacy industry practicess, incorporates prominent education sector 'hyperframeworks', and has consideration for state and federal laws pertaining to the use of personal data.
The Framework is made up of 15 domain areas. Modelled heavily from common frameworks outside EDU, these areas of focus cover both privacy and security with meaningful breakdown to help adopting organizations and their subjects, as well as marketplace providers, condition to identify, protect, detect, respond, and recover to security and privacy threats and incidents.
Domain Areas detail ~100 control guidelines, each a potential unique consideration for your organization. Become a Supporter to learn more, its free.