Our system is designed with student data security at the forefront and we are SOC 2 Type II compliant. We make every effort to avoid accidental or intentional invasion of a student's personal data including grades, scores, and personal information.
Teachers and admins need to protect their own passwords so that student data is not compromised.
Teachers and admins need to train students on how to protect their own passwords and set a good example in the classroom, by using security best practices such as:
- Encourage students to keep their passwords private.
- Discourage students from sharing their passwords with friends or writing them down where other students can see them.
- Tell students you do not want to know their passwords. This is for your own protection as well as theirs. All the data you need can be accessed through your own account.
- Never log into student accounts for any reason.
- If a student needs to share their work with you, have them share a screenshot or a screencast, or watch them work in person or via screensharing.
- If you need to collect student account information for troubleshooting with NROC/EdReady, do not ask a student to share their password with you. We never need that information for troubleshooting.
- Do not have students all use the same password. This creates a serious risk of a security breach whether intentional, accidental, or as a "prank".
Please recognize and support the following security protocols around student and admin/instructor passwords.
- Only temporary passwords can be set from the admin side, whether by school staff or NROC/EdReady staff.
- Users should always set and reset their own passwords using the tools provided on the screen.
- EdReady/NROC Staff will never ask users for their passwords.
- Do not send passwords via email. Email is plain text and therefore not secure.
- Students should be advised not to share their passwords with anyone, including teachers and admins.
- Students should not have all the same or similar passwords.
- Teaching students about password security best practices will help them maintain the privacy and security of their personal data well beyond this program.
Please note that our system only sends temporary passwords to users who request them from a registered email address. NROC staff and your school's teaching/admin staff cannot set permanent passwords in the system.
In cases where the system allows an admin to reset a student's password, it is always a temporary password. The student must control their permanent password. They should log in with the temporary password immediately, then complete the change to set their own private password.