STEMscopes Security Information and Compliance
-
Data and Digital Asset Integration
Student, Staff and Course Enrollment Integration
ALI provides its own proprietary and industry-recognized solutions to facilitate the secure exchange of staff and student data. ALI requires minimal student information, and each district decides what, if any, optional information it wishes to submit for its own purposes. In addition, the required fields, such as student ID, are required to be unique and do not have to be the student’s actual SIS ID, social security number, or state ID.
- STEMscopes District Master Data Integration – SFTP (Automated and Interactive): Each SFTP area is specific to each client and is not a shared resource. Uploaded files are immediately moved to an internal, isolated area for secure processing. ALI provides solution examples of how a client may establish automated SFTP file submissions.
- IMS Global – OneRoster: ALI also offers an alternative student/staff data integration solution through IMS Global’s OneRoster.
- Clever - STEMscopes is able to integrate all data required for staff, student, and course enrollment.
- Classlink - This partner provides districts a full data integration solution for staff, students and enrollment.
- Aeries SIS - STEMscopes provides a direct integration to Aeries. Important features are the ability to process data by unique ID's within a school and the ability to identify the course enrollments you wish to provide.
- Schoology - STEMscopes is able to integrate all data required for staff, student and course section enrollments through the Schoology API. This is a useful advantage when implementing Deep Linking and Grade Pass Back as the needed LMS ID's are automatically loaded. No additional integration with any other resource is needed.
- Canvas - STEMscopes is able to integrate all staff, student except for grade level and course section enrollments through the Canvas API. This is a useful advantage when implementing Deep Linking and Grade Pass Back as the needed LMS ID's are automatically loaded. The Grade Level will need to be provided by another source.
- Campus Learning - Spring 2021, STEMscopes is able to integrate all data required for staff, student and course section enrollments through the Campus Learning API. This is a useful advantage when implementing Deep Linking and Grade Pass Back as the needed LMS ID's are automatically loaded. No additional integration with any other resource is needed.
- Infinite Campus - STEMscopes is able to integrate all data required for staff, student, course section, course enrollment and Grade Pass Back.
- Skyward - STEMscopes is able to integrate all data required for staff, student, course section, course enrollment and Grade Pass Back.
- Q SIS - STEMscopes is able to integrate all data required for staff, student course section, and course enrollment. SFTP connection must be set up by the school/district.
- Michigan DataHub - STEMscopes provides direct integration for staff, students and course enrollment.
Single Sign-on (SSO)
- Microsoft SAML SSO
- IMS Global’s LTI and MS SAML SSO
- Classlink
- Schoology
- Canvas
- Clever
LMS / System Integrations
LMS and like Systems who meet IMS compliance in the areas below, should be able to utilize these areas within STEMscopes. If they do not, STEMscopes will work directly with vendors to make adjustments required for these features to work within their system.
Partial List of LMS Systems and IMS Features Implemented
Schoology (ThinCC, Deep Linking and Grade Pass Back, SSO, QTI, Complete Staff - Student Enrollment - LMS ID's Data Integration providing one source for integration making Deep Linking and Grade Pass Back easier to implement)
Canvas (ThinCC, Deep Linking and Grade Pass Back, SSO, QTI, Complete Staff - Student (except for Grade Level) - Course Enrollment - LMS ID's Data Integration.)Note: Grade Level requires an additional file integration.
ITS Learning (ThinCC, SSO, QTI)
Safari Montage (ThinCC)
Google Classroom (Spring 2021)
IMS Global Areas of Compliance
Compliance: Deep Linking & Grade Pass Back,
OneRoster (CSV, REST), ThinCC, *QTI, SSO-
Accelerate Learning
Product: STEMscopes
LTI v1.0, LTI v1.1, LTIv1.1.1, LTI v1.2
Thin CC v1.3
LTI v2.0
LTI Outcomes Service
Product: OneRoster (CSV, REST) API 1.0, 1.1
*QTI - STEMscopes supports egesting questions from our assessments and question bank that is supported by the QTI format (*Multiple Choice, Fill in the Blank, Open/Close Ended Questions)
-
STEMscopes Security Summary
STEMscopes Security Information and Compliance
The following is an overview of security measures Accelerate Learning, Inc. (ALI) incorporates within its product to meet federal student privacy mandates, such as FERPA (Family Educational Rights and Privacy Act), COPPA (Children’s Online Privacy Protection Act), and CIPA (Children’s Internet Protection Act). Compliance with state privacy mandates such as California AB 1584 and California SB 1177 (SOPIPA) are also reviewed to ensure compliance.
Sofware Security
ALI utilizes industry-recognized best practices for security at the infrastructure and network levels of its services. This includes SSL / TLS protocols, API call-level authentication, API bearer tokens, and proprietary solutions.
- Transport Layer Security: ALI implements the Transport Layer Security (TLS) cryptographic protocol for transfers over HTTPS (SSL) connections. With this protocol, unique session keys are used to encrypt and decrypt data transmissions and validate the accuracy of data transmissions. This process is reinforced by additional proprietary authentication.
- Authenticated API Calls: API calls are authenticated individually using OAuth 2.0 authentication occurring over TLS / SSL protocols. This process is reinforced by additional ALI proprietary authentication
- Third Party Penetration / Vulnerability and Code Review: An array of comprehensive commercial penetration and vulnerability tests are performed on ALI’s behalf by a third party organization and their industry-certified internet security experts. ALI reviews the results with the third party to evaluate their findings and develop potential new methods for providing even greater security.
Cloud Service Certifications
The AICPA has replaced the audit standard known as SSAE 16 with a new standard effective for report dates on or after May 1, 2017. This new standard, known as SSAE 18, is designed to address and clarify concerns over the clarity, length and complexity of the many other AICPA standards.
Annual audits are performed by a third party auditing firm for SSAE 18 and PCI compliance. Audits comply with International Organization for Standardization (ISO) 27001/2 and with the Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization.
-
CA Compliance
Accelerate Learning Inc.& California AB 1584 CompliancePolicy Statement
Effective August 1, 2015
Accelerate Learning, Inc.
Compliance with California AB 1584
Effective August 1, 2015
Policy Statement: Technology services agreements entered into, amended, or renewed by California school districts on or after January 1, 2015 must include specific requirements. These requirements apply to contracts for services that utilize electronic technology, including cloud-based services, for the digital storage, management, and retrieval of pupil records, as well as educational software that authorizes a third-party provider to access, store, and use pupil records.
-
Pupil records continue to be the property of and under the control of
the school district.
ALI Response:
- Accelerate Learning, Inc. (ALI) makes no claim of ownership of any kind on a district’s student records. A district manages the personnel who facilitate entering and maintaining all student data through student file submissions or manual entry.
-
A description of the means by which pupils may retain possession
and control of their own pupil-generated content, if applicable,
including options by which a pupil may transfer pupil-generated
content to a personal account.
ALI Response:
- Appropriate district personnel may print a summary of a student’s work and provide it to the student for their records.
-
A prohibition against the third party using any information in the
pupil record for any purpose other than those required or
specifically permitted by the contract.
ALI Response:
- ALI does not use any student information for any purpose other than those required to fulfill its services.
-
A description of the procedures by which a
parent, legal guardian, or eligible pupil may review personally
identifiable information in the pupil's records and correct erroneous
information.
ALI Response:
- Student guardians may request appropriate district personnel to review their student’s information and submit requests for any modifications to be made. ALI does not respond to parent requests to change student data
-
A description of the actions the third party will take—including the
designation and training of responsible individuals—to ensure the
security and confidentiality of pupil records.
ALI Response:
- Districts are able to manually enter their data directly into the system, or merge their information through data file submissions. District staff complete these tasks using their assigned user name and password. The school district’s personnel prepare the student import files that are submitted to the system. These files are processed through a private, secure SFTP area that is not shared with any other resource. All actions can be performed without the assistance of ALI staff. Appropriate district administrative personnel are provided training on the maintenance of student data through the ALI portal. If a district’s technical staff requires assistance, they are able to request assistance from ALI’s technical staff.
-
A description of the procedures for notifying the affected parent,
legal guardian, or eligible pupil in the event of an unauthorized
disclosure of the pupil’s records.
ALI Response:
- ALI will first verify that a breach has occurred. Upon verifying the event, ALI will contact by phone the appropriate district personnel. A full report of the incident will be emailed to the appropriate district staff.
-
A certification that a pupil’s records shall not be retained or
available to the third party upon completion of the terms of the
contract and a description of how that certification will be enforced.
ALI Response:
- ALI certifies that all district tables and records shall not be retained by, or available to, ALI after 90 days past the completion of services. This will include production and backup data repositories. Upon the completion of this action, the District’s system administrator will be notified
-
A description of how the local educational agency and the third
party will jointly ensure compliance with the federal Family
Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g).
ALI Response:
- ALI meets all requirements of FERPA. Modifications to student records are logged and available for appropriate district staff to review. A district is able to maintain student records manually to make modifications. ALI intentionally requires minimal information, all of which is typically defined by districts as “Directory Information” (Title 20 › Chapter 31 › Subchapter III › Part 4 › § 1232g). If district personnel have any questions or concerns regarding FERPA compliance, they may contact ALI Technical Support for more details
-
A prohibition against the third party using personally identifiable
information in pupil records to engage in targeted advertising.
ALI Response:
- ALI does not utilize any student information in advertising of any form.
-
Pupil records continue to be the property of and under the control of
the school district.
ALI Response: