IMS TrustEd Apps™ Disclaimer & FAQs
IMS TrustEd Apps provides a vetting of a product's data policy according to the IMS TrustEd Apps Rubric. Achieving the TrustEd Apps Certified Seal indicates adherence to a baseline level of privacy. Institutions should review an application's detailed vetting results before approving it for use.
What are the benefits of the IMS TrustEd Apps program?
The IMS TrustEd Apps program benefits institutions that do not have the time or the resources to thoroughly vet an application. Organizations vetting free applications may only be scratching the surface of understanding data privacy and security. IMS's TrustEd Apps Program allows institutions to:
- Save time and money
- Safeguard against free apps violating student data privacy standards
- Quickly build a dashboard of approved apps
- Communicate with developers to clarify issues found in policies or an application’s security
The IMS TrustEd Apps Program uses member-established criteria (rubric) for evaluating apps that encompass data privacy, information security, accessibility, and more. While developers of edtech applications strive to meet the data privacy and security expectations from K-12 and higher education institutions, using the TrustEd Apps program allows vendors to refine their products with student data safety in mind, increasing the adoption of their product, and ensuring compliance with federal or state privacy laws. The myriad of state and federal guidelines and laws regarding student data can be confusing to navigate. Giving suppliers a standard that explains what criteria to meet simplifies the process.
Thoroughly vetting an application can take several hours. As the TrustEd Apps program evolves, we are looking to further reduce the time needed to evaluate applications. Future plans include embedding details about the app vetting criteria and translating those results into a machine-readable format (JSON) so that both K-12 and higher ed institutions can thoroughly vet an application quickly and easily.
What is App Vetting?
A key component of the TrustEd Apps Program is app vetting. Several organizations vet “free” educational applications for use in the classroom and employ a variety of simple processes and checklists. Few organizations can thoroughly vet and evaluate any educational application, regardless of price. Vetting an application involves:
- Knowing what questions to ask to gauge the comprehensive security and privacy policies of the application
- Reading a Terms of Service Agreement
- Contacting the vendor to discuss policy concerns
- Verifying compliance with data transmission security requirements via testing
- Testing all application functionality to confirm policy and terms of service statements.
There are nuances in evaluating fee versus free educational software. Free applications are being used in the classroom at K-12 and higher ed institutions quite often. Paid applications may have legally binding contracts to hold a vendor to its data privacy standards. Vendors who provide free applications do not require legally binding contracts and have no obligation to follow any standards. Understanding what free applications are doing with data and how they are safeguarding student information is important. There may not be a contract, but data is still being produced. The IMS TrustEd Apps program helps to protect teachers and institutions and ultimately students by allowing the institution to understand how data obtained from an app is being used.
Who can vet apps?
All IMS members can vet products that are in the IMS product directory. IMS staff, vendors, districts, and institutions can vet any product whether or not they are using the product.
Who can view vetted apps?
Only IMS members can view complete product reviews.
What is the process for publishing reviews?
All product reviews will be analyzed by IMS staff prior to publication in the product directory to verify that all criteria for posting have been met. If IMS determines that not all criteria have been met, IMS will work with the reviewer to complete all remaining criteria. IMS may also contact the product owner to notify them of a review. The IMS Decision Maker will be contacted to discuss reviews. Applications that receive a “Does Not Meet Expectations” vetting will not be posted in the product directory prior to review with both the vetter and the supplier. In order to ensure any questions are answered and clear up any misunderstandings regarding product policies. If the supplier has not responded to a request to meet to discuss a review within 20 days of contact, IMS may choose the publish the review in the product directory. Application vetting results will be valid for one year from the date posted. Suppliers may request an application vetting review be resubmitted if changes to a product have been made that result in a change to the current rating.
What is the process for submitting a grievance about a review?
If there is a grievance with a review, please contact TrustEdApps@imsglobal.org. IMS Staff will conduct a review to determine a mutually agreed-upon rating. If the parties are unable to resolve a grievance, IMS will send the matter to the App Vetting and Privacy Task Force for resolution by vote. Voting rules for Project Groups and Task Forces will apply. If the vote is inconclusive, IMS staff will make a final decision.
How are edtech applications vetted for data privacy?
How can I access the vetting results of an edtech application?
The general public can see that a application has been vetted in the IMS Global Certified Product Directory. A member of IMS Global can view the detailed vetting results by logging in to the IMS website and viewing an application in the same directory. Members may contact IMS Global for the necessary credentials to log into the website. Some members may also access the detailed vetting results through the TrustEd Apps Dashboard. This access needs to be set up collaboratively with the member institution, an eligible supplier, and IMS Global.
What is the IMS TrustEd Apps Seal?
For suppliers, the IMS TrustEd Apps Seal certifies that an application satisfactorily completes the IMS TrustEd Apps vetting process, and its ratings on the IMS TrustEd Apps Rubric are fully disclosed and meet expectations for data privacy in all areas of the rubric.
For educational institutions, the IMS TrustEd Apps Seal certifies that an institution successfully completes training in the IMS TrustEd Apps vetting process and possesses the necessary skills to vet applications for privacy and security using the IMS TrustEd Apps Rubric.
How can member institutions advocate for suppliers to achieve the IMS TrustEd Apps Seal?
Institutions may seek out suppliers with the IMS TrustEd Apps Seal. They may require that suppliers without the seal obtain it before procuring those resources and include the requirement for the seal in their contracts and requests for proposals (RFPs). IMS staff collaborates with suppliers to complete the IMS TrustEd Apps vetting process to address any potential or identified areas of concern.