This is the first blog on the new TrustEd Apps Rubrics (self-assessment tools) developed by the 1EdTech community.
Updated Version: 8/4/2025
As security needs and regulations increase with the onset of new products and enhanced features like AI within longstanding apps, practical resources that can help increase the efficiency and value of your educational technology vetting process are more important than ever.
1EdTech’s TrustEd Apps™Security Practices Rubric is designed to gather base-level security policies, procedures, and processes to help educational institutions determine if a more advanced review is worth it.
The Security Practices Rubric also gives new edtech providers a basic understanding of what is needed and expected by their institutional partners when it comes to security policies and practices. This guidance helps product owners prepare up-to-date responses to reflect changes in their applications and platforms.
"Many times, a proposed tool enters the ecosystem because a faculty member returns from a conference and asks to use a tool they have seen. Without going through the entire review process, which can take weeks, we can look it up quickly and get a sense of the tool by using the rubric. If we see the tool has significant accessibility issues or unanswered security questions, we can start a conversation with the vendor or let the faculty know the tool won’t work at our institution,” said Jim Williamson, Senior Advisor to the Vice Provost of Teaching and Learning for Digital Planning and Strategy at UCLA. “If the vendors do the work of completing the rubric while not guaranteeing acceptance, they are exponentially more likely to be successful.”
1EdTech members who participated in the TrustEd Apps Security Task Force pointed out that this does not replace the more in-depth Higher Education Community Vendor Assessment Tool (HECVAT) but instead is a supplement or even a precursor to the assessment, providing a simpler point of access for new and legacy suppliers.
“This rubric gives us a good baseline of understanding for where the supplier is currently. We may need to dive deeper eventually, but it will help eliminate some of the basic questions that can take a few days to solve over email,” said Jon Werth, Senior Online Learning Environment system Administrator at the Minnesota State Colleges and Universities. “For newer companies, and even older companies just entering the edtech space, this is a nice way to show what is really important and what we all want to see right off the bat.”
“There are hundreds of very small edtech companies coming into the marketplace. Oftentimes, they are a few people with an idea,” added Williamson. “Being able to point newcomers to something less intimidating than the HECVAT can help them get started.”
The new Security Practices rubric complements 1EdTech’s Accessibility, Data Privacy, and Generative AI Data rubrics as effective tools in helping institutions decide which learning resources to include in their trusted ecosystem.
“Data privacy is good to look at in terms of the legal policies in place. The security rubric looks at the technical practices,” said Werth. “We’re looking at the company’s practices when it’s building or maintaining the software, how they handle authentication, and how they manage the services and cloud structure.”
As with all of 1EdTech’s TrustEd Apps rubrics, the security rubric was created and is supported through the collaboration of 1EdTech members in K-12, higher education, and edtech providers. Providers fill out information right within the online rubric and offer written evidence and attestations, and any concerns from the community are reported to 1EdTech.
“As more edtech providers fill out the rubric, we hope to be able to go into 1EdTech’s product directory to see certifications and rubric results in one place so we can see how each tool fits into our environment,” said Werth.
“The rubric is also flexible. Campuses generally do not publish their security review findings,” said Williamson. "Because vendors and tools are constantly changing, 1EdTech’s TrustEd Apps Management Suite will display current results, which allows us to point faculty or staff to information that can help explain why tools might not be adopted at our institution.”
Anyone can access and use the TrustEd Apps Security Practices Rubric. Edtech providers are encouraged to complete and submit their self-assessments annually. Institutional members should ask their provider partners to complete the assessment to help with any procurement decisions. Results from provider self-assessments are available to all 1EdTech members in the TrustEd Apps Directory.
About the Author
Suzanne Carbonaro
Suzanne Carbonaro is the vice president for postsecondary education and workforce programs at 1EdTech. Suzanne spent much of her career in higher education as a leader of curriculum and assessment, instruction and student success, institutional effectiveness and planning, and accreditation. Over the last five years, Suzanne served as a subject matter expert for two edtech companies and supported the growth of interoperability standards, strategic planning processes, and the Comprehensive Learner Record (CLR) across the colleges and universities she served. Suzanne’s research interests and publications are in the areas of digital credentials and CLR, high-impact practices, co-curricular assessment, and integrated strategic planning. Previously, Suzanne served as Director of Assessment at the Philadelphia College of Pharmacy and Rider University’s College of Education and Human Services. Through her leadership, these institutions were re-accredited and received recognition for their assessment practices, including the American Association of Colleges of Pharmacy 2019 Award for Excellence in Assessment. Suzanne managed New Jersey Department of Education and Janssen Pharmaceuticals grants to advance STEM Education, teacher leadership, recruitment, and retention in NJ public schools. Suzanne currently serves on the Grand Challenges in Assessment, a national collaboration of ten organizations and over 400 higher ed leaders seeking to advance assessment of student learning through discourse, research, and professional learning.
