
Cybersecurity, Data Privacy, & Infrastructure

PowerSchool is committed to being a good custodian of student data, taking all reasonable and appropriate countermeasures to ensure data confidentiality, integrity, and availability.

Partner with the Industry Leader for Protected, Private Data

We believe that the safe collection and management of student data is essential to student success in the digital classroom.

Take Control of Your Student Data

PowerSchool certifies the application, database, and infrastructure security of our software solutions. PowerSchool customers own their student and school data; we have no rights to access or sell student or school data and we do not collect, maintain, use or share student personal information beyond that needed for authorized educational or school purposes, or as authorized by the parent or student.

Our Pledge of Student Privacy

PowerSchool has signed the national Student Privacy Pledge regarding the collection, maintenance, and use of student personal information. The pledge states: “School service providers take responsibility to both support the effective use of student information and safeguard student privacy and information security.”

Assure Stakeholders That Your Student Data Is Safe

Schools and districts can communicate with confidence to shareholders that their student data is safe and secure. PowerSchool compliance initiatives are driven by many regulations, including:
  • Family Educational Rights and Privacy Act Regulations (FERPA)
  • General Data Protection Regulation (GDPR)
  • Children's Online Privacy Protection Act
  • Breach Laws, Data Residency Laws
  • Digital Millennium Copyright Act (DMCA)
  • Sarbanes-Oxley Act
  • State contracts for reporting

Give Parents Peace of Mind

Parents can rest assured that PowerSchool is a trusted, verified custodian of their children’s data. When a district or school partners with PowerSchool, parents and students are invited into the secure system and enter their information, with their consent.

  • 10K Servers Monitored 24/7
  • 8B Events Processed Monthly
  • 1B Web Attacks Blocked Annually
  • 330K Patches Installed Monthly

Security Measures and Infrastructure with PowerSchool

We're dedicated to keeping customers' student and staff data safe, demonstrated through the following procedures and best practices:

  • Dedicated Security Team
    led by a Chief Information Security Officer

  • SOC 2 Compliance
    To minimize risk and exposure to customers’ data, PowerSchool receives annual SOC 2 Type 2 examinations on the company’s controls relevant to security, availability, and confidentiality for multiple applications. Customers may contact their Account Rep to be provided reports.

  • Security Operations Center (SOC)
    Security and maintenance responsibilities are on us as the cloud provider, and we take them very seriously. Our Security Operations Center runs 24x7x365, providing “eyes on glass monitoring and response” to security issues on an organizational and technical level.

  • ISO 27001:2022 certification
    PowerSchool performs annual third-party audits of its security management system and has achieved the internationally recognized ISO 27001:2022 certification. The certification involves annual third-party audits that evaluate our processes, training, and more.

  • Penetration Testing/Vulnerability Scans
    We perform vulnerability scanning as a regular part of our software development to ensure we find and fix vulnerabilities before we ship. We perform static, dynamic, and software composition analysis as part of our SDLC, as well as regular third-party penetration testing.

  • Next generation end-point protection
    on all servers and devices

  • Real-time vulnerability scanning
    on all servers

  • WAF and IDS/IPS
    Web Application Firewall and Intrusion Detection System/Intrusion Prevention System to protect our networks and devices

  • Secure software development/OWASP
    Confirming that security is considered in the entire end-to-end process of developing software, including training, processes, code reviews, and vulnerability scanning

  • Customer Data Handling
    ensuring data residency, with no information going offshore, and strict policies and processes to handle data safely

  • Security Awareness Training
    Extensive and ongoing security/cybersecurity training for all our employees, along with secure coding training for software engineers

PowerSchool Signs CISA’s K-12 Education Technology Secure by Design Pledge

The quarterly issue of the PowerSchool Information Security Report was born out of the K-12 Education Technology Secure by Design Pledge. PowerSchool publicly agreed to the pledge at the White House ceremony in September 2023. The report is meant to provide our customers with additional transparency about cybersecurity at PowerSchool. It features cybersecurity trends in education as well as ways organizations can protect themselves.

Q1 2024 Report
Q2 2024 Report

Responsible Disclosure Program

PowerSchool values the contributions of independent security researchers who invest time and effort to make our applications more secure. We encourage responsible reporting of any potential areas for improvement or vulnerabilities that may be found in our applications via our Responsible Disclosure Program.

PowerSchool Fulfills K-12 Education Technology Secure by Design Pledge

  • Single Sign On (SSO) at no extra charge
    Complete – PowerSchool offers SSO for its products at no charge to the customer. We encourage all customers to take advantage of this feature because of the increased security and control that implementing SSO gives them.

  • Security audit logs at no extra charge
    Complete – PowerSchool provides security logs at no cost to customers. Any customer may request logs simply by opening a support ticket. We also provide assistance with interpreting and analyzing the logs. PowerSchool also makes available security and product subject matter experts to assist schools and districts.

  • Publish a Secure by Design roadmap
    Ongoing – A Security by Design roadmap is being drafted and will be published in Q3 2024.

  • Publish a vulnerability disclosure policy
    Complete – PowerSchool has long had a Responsible Disclosure Program in which researchers and other interested parties can submit bug reports. We have also updated our Terms of Service to allow scanning from approved organizations including CISA. 

  • Embrace vulnerability transparency
    In Progress – PowerSchool is in the process of standardizing how vulnerabilities in our cloud products are communicated to our customers. The notifications are designed to provide customers with transparency regarding the remediation of vulnerabilities in the products they use. 

  • Publish security-relevant statistics and trends
    Ongoing – PowerSchool committed to publishing Security Reports quarterly. The published Security Reports are available here.

  • Publicly name a top business leader (not the CTO or CISO) who is responsible for security
    Complete – Our CEO, Hardeep Gulati, is the business leader responsible for security at PowerSchool.

 

Ready to Learn More? Get in Touch.

Talk to our experts about how PowerSchool can help with your data protection needs.
