Are you looking for the Classworks Special Education program from TouchMath? Click here to go to their site.

logo for Classwork.com
logo for Classwork.com

Student Data Privacy at Classwork.com:

 Why Promises Aren’t Enough

Prep Rally image: Use Classwork.com every day to promote assessment fluency in your students Classwork Files

K–12 education has become one of the highest-risk sectors for cyberattacks, data breaches, and ransomware incidents. “Privacy pledges” and policy statements alone are no longer sufficient, particularly for districts operating under increasing state-level cybersecurity requirements and vendor risk-assessment frameworks.

At Classwork.com, we implement enterprise-grade cloud security controls based on least-privilege access, data minimization, continuous monitoring, and auditable security controls, reinforced by a structured SOC 2 Type II roadmap aligned to district expectations.

Not Just “Privacy”—Operational Security Controls

K–12 education has become one of the highest-risk sectors for cyberattacks, data breaches, and ransomware incidents. “Privacy pledges” and policy statements alone are no longer sufficient, particularly for districts operating under increasing state-level cybersecurity requirements and vendor risk-assessment frameworks. At Classwork.com, we implement enterprise-grade cloud security controls based on least-privilege access, data minimization, continuous monitoring, and auditable security controls, reinforced by a structured SOC 2 Type II roadmap aligned to district expectations. Many edtech companies rely on privacy promises, self-attestations, or static compliance badges. Those are useful, but in isolation they don’t prevent misconfigurations, zero-day exploits, lateral movement, or compromised credentials. Real security requires continuous verification and defense-in-depth. Our security controls include:
  • role-based access control (RBAC)
  • principle of least privilege (PoLP)
  • multi-factor authentication
  • continuous vulnerability scanning
  • encryption in transit (TLS 1.2+) and at rest (AES-256)
  • SIEM-level security event logging
  • CNAPP-based cloud posture management and runtime threat detection
This architecture enforces operational security, not just stated intentions.

1EdTech TrustEd Apps + Cloud-Native Security Platform

Classwork.com is certified under 1EdTech TrustEd Apps, validating our handling of student data, privacy disclosures, data minimization, data sharing, and FERPA alignment. Beyond certification, our cloud environment is protected using a Cloud-Native Application Protection Platform (CNAPP) providing:
  • posture assessment
  • real-time anomaly detection
  • continuous compliance mapping
  • threat intelligence
  • automated remediation
  • continuous cloud configuration analysis
  • event logging and audit trail maintenance
This provides real-time controls rather than periodic reviews.
student data privacy

SOC 2 Type II Roadmap (Security → Confidentiality → Availability)

We currently maintain SOC 2 policy compliance and are actively in the SOC 2 Type II audit window, beginning with the Security Trust Services Criterion. This scope aligns directly to our risk profile (minimal PII, RBAC, encryption, cloud-native environment) and validates the effectiveness of our security controls over time.
Phase 1 – Security (current audit period)
Includes operational validation of:
  • identity and access management
  • audit logging
  • encryption
  • least-privilege access
  • endpoint and workload protection
  • incident identification and response
  • CNAPP continuous monitoring
Phase 2 – Confidentiality & Availability (next audit cycle)
We will expand our SOC 2 Type II scope to include:
  • Confidentiality
  • Availability
Both are already addressed in our architecture and operational processes; next audit cycles will provide external attestation.
Documentation Availability
Districts may request:
  • SOC roadmap summary
  • audit status updates
  • architecture documentation
  • bridge letters (once issued)
  • security control summaries

Why This Matters for Districts

District technology offices, state cybersecurity teams, and procurement evaluators increasingly require:
  • audited security controls (not policy promises)
  • continuous monitoring
  • minimal PII ingestion
  • encryption standards
  • incident response procedures
  • role-based access control
  • vendor-supported risk documentation
Classwork.com’s security architecture supports these requirements now, and our SOC 2 Type II roadmap demonstrates long-term commitment to auditable, externally verified security controls.

Data Minimization by Design

We collect only the minimum data required for instructional functionality. This reduces student data exposure and aligns with privacy-by-design, FERPA principles, and modern vendor risk frameworks.

Continuous Verification, Not Static Compliance

Modern cybersecurity requires continuous controls, automated monitoring, and rapid remediation—not a “paper compliance” approach. At Classwork.com, security is operational, measurable, and independently verifiable over time. Our SOC 2 Type II roadmap formalizes that approach and aligns directly to district expectations.

Bottom Line

Security must be observable, auditable, and continuously enforced. That’s why Classwork.com invests in:
  • CNAPP 
  • SOC 2 Type II 
  • real-time monitoring 
  • encryption standards 
  • least-privilege access 
  • posture assessment 
  • FERPA alignment 
  • 1EdTech TrustEd Apps certification 
Promises aren’t enough. Operational security is the only real protection for students and districts.