Written by Rich Gay, Chief Information Security Officer & Vice President of Development
When the next security threat occurs, make sure your confidential information is safe
K-12 schools and districts partnering with PowerSchool can rest assured that data security is our top priority. This is especially relevant while schools are increasing distance learning and remote operations efforts because of the COVID-19 pandemic.
To minimize risk and exposure to customers’ data, PowerSchool completes annual System and Organization Controls (SOC) 2® Type 2 examinations of the company’s controls relevant to security, availability, and confidentiality for multiple applications. These examinations are conducted on the following PowerSchool products: PowerSchool SIS, PowerSchool Special Programs, PowerSchool Enrollment, Schoology, PowerSchool SchoolSpring Job Board, Applicant Tracking, Employee Records, Perform, and PeopleAdmin.
What Does SOC 2 Mean for K-12 Schools and Districts?
Developed by the American Institute of Certified Public Accountants (AICPA), SOC is designed for companies storing customer data in the cloud. SOC 2 requires companies to establish and follow strict information security policies and procedures, encompassing the security, availability, and confidentiality of customer data.
PowerSchool’s SOC 2 Type 2 examinations are performed by A-LIGN. The examination provides assurance that controls relevant to the AICPA Trust Services Security, Availability, and Confidentiality Principles are designed and operating effectively. Schools and districts can use these reports to evaluate their edtech vendors and verify whether they meet essential requirements from various teams, including security, compliance, internal audit, and procurement, among others.
To meet SOC 2 compliance, companies should demonstrate their ability in four areas of security practice: 1) monitor the known and unknown to ensure confidential information is safe, 2) have alerting procedures in place, 3) provide detailed audit trails, and 4) demonstrate the ability to take corrective action against suspicious activity quickly.
PowerSchool’s Commitment to Keeping Customers Secure
The SOC 2 examination supplements the ISO/IEC 27001:2013 certification that PowerSchool first received in 2017 and has successfully renewed each year. The extensive investments we make to secure our applications and customers’ data are validated by these independent examinations.
We also have a 24×7 Security Operations Center (SOC). In the old days, school districts had their servers and computers in a backroom closet. The people who owned it also managed it and were responsible for maintenance and security. Now, PowerSchool hosts thousands of customers. Security and maintenance responsibilities are on us as the cloud provider, and we take them very seriously. Our SOC monitors and responds to security alerts and events on our networks and systems, neutralizing threats so we can keep information secure.
PowerSchool is committed to continuing to prioritize data security and safety with continued investment and improvement in our infrastructure and operations.
Learn More
Contact your PowerSchool Account Manager if you’d like to receive a copy of these documents. You can also find out more about PowerSchool’s commitment to data security and privacy here.
About Rich Gay
As PowerSchool’s Chief Information Security Officer & VP of Development, Rich is responsible for cybersecurity and R&D Operations. Rich has led the PowerSchool R&D team’s substantial improvements in PowerSchool products over the past decade, including technology stack and hosting operations modernization, internationalization, and the ability to scale to handle even the largest school districts.