
How We Protect Your Data

Strong Security is Foundational to Serving K-12 Education

As a leading provider of cloud-based software for schools and districts around the world, PowerSchool is deeply committed to safeguarding student, family, and educator data.

PowerSchool Security Commitment

We're shaping and redefining security for the education technology industry. Our comprehensive security strategy focuses on:

Culture

Security is everyone’s responsibility at PowerSchool. We foster a culture of shared accountability across every team firmly rooted in our moral and ethical obligation to protect the communities we serve.


Validation

Demonstrating our deep commitment to security, risk management, and customer trust, we undertake annual third-party audits to confirm our security measures meet or exceed industry-defined standards.


Posture

We invest heavily in all aspects of security technologies and practices, ensuring solutions remain ahead of evolving threats via infrastructure and system security, monitoring and threat detection, and access and credentialing.


Collaboration

We believe collaboration is key to strengthening security across the education industry, working alongside industry partners, organizations, and policy-makers to advance cybersecurity for all.


Security Across the K-12 Industry

Learn how PowerSchool's approach to cybersecurity compares to industry standards.

Culture: Security is Everyone's Responsibility at PowerSchool

Data Protection Regulations

We adhere to all applicable state, provincial, and federal data privacy regulations, including FERPA, COPPA, and other student data protection regulations.

Employee Requirements

We have annual background checks and ongoing security awareness training for all employees and contractors.

Embedded Secure by Design

We build our products to be secure by design, embedding security and privacy from inception, not as an afterthought.

Ownership and Accountability

We own the responsibility for security and maintenance of customer data as the cloud provider. We take that responsibility very seriously.

Validation: Our Data Protection is Certified

These accredited firms provide unbiased validation of our approach and empower us to continue to set the standard.

Certification

ISO 27001:2022 Certification

We perform annual third-party audits of our security management system and have achieved the internationally recognized ISO 27001:2022 certification.

Compliance

SOC 2 Compliance

We receive annual SOC 2 Type 2 examinations on our controls relevant to security, availability, and confidentiality for multiple applications to minimize risk and exposure to customer data.

Verification

1EdTech TrustEd App

Through the 1EdTech Consortium, our products are verified to meet rigorous interoperability, privacy, and data security standards.

Posture: Investing in Security for the Long-Term

Infrastructure and System Security

  • Ongoing compliance testing.
  • Heavy investments in modern security infrastructure, including static and dynamic code scanning, best-of-breed network and workload protection, intrusion detection and prevention systems, advanced endpoint protection, and more than 30 annual penetration tests.
  • A dedicated security team of over 40 individuals.
  • Web Application Firewall (WAF) and Intrusion Detection System/Intrusion Protection System (IDS/IPS).
  • Defend against more than a billion cyberattacks each year.
  • Our web application firewall blocks, on average, over 66 million attacks against our customers each month.
  • Partner with cloud infrastructure vendors to conduct risk assessments, ensure best-in-class configurations, and remediate vulnerabilities quickly.
  • Follow OWASP secure software development as part of the entire end-to-end process of developing software, including training, processes, code reviews, vulnerability scanning, and Red Teaming.

Monitoring and Threat Detection

  • Security Operations Center runs 24x7x365.
  • Partner with CrowdStrike to perform dark web monitoring.
  • Continuous auditing of all access to customer data to validate and reinforce our security framework.

Accessing and Credentialing

  • Multi-factor authentication (MFA), biometric authentication, role-based access controls, and VPN-secured product portals to ensure only authorized personnel can access customer data.
  • Shared credentials are strictly limited, tightly controlled, and only allowed when technically necessary.
  • Access to customer data is reviewed monthly, requires leadership approval, and is automatically removed if no valid business need is identified.
  • All access to PowerSchool systems requires the use of PowerSchool-managed devices, with login sessions and maintenance windows tightly restricted to minimize risk.

Collaboration: Advancing Security in K-12 Together

We have built and maintained deep alliances with Microsoft, AWS, and Snowflake to integrate industry-leading security infrastructure and ensure scalable, secure K-12 data operations.

We work with industry organizations like CoSN and 1EdTech to align with best practices, listen to district needs, and share actionable guidance.

PowerSchool was one of the first to sign CISA’s voluntary pledge to design products with greater security built in.

We partner with best-in-class cybersecurity companies to protect our customers’ data and extend their products and services to K-12 districts at discounted prices, including KnowBe4, Abnormal Security, and NopalCyber.

We have a Customer Security Advisory Council to provide a forum for in-depth security reviews, industry collaboration, and best practices sharing.
