Global Education Security Standard (GESS)


Global Education Security Standard (GESS) is a matrix/crosswalk of all existing security frameworks along with the core set of controls applicable to PK-20 data.

With the range of technical, functional, cyber security, data protection, privacy and other requirements, it is increasingly laborious to demonstrate compliance during procurement exercises.

With the growing number of security standards and frameworks, there is a significant amount of crossover, and much of it not in a language that allows for consideration of educational or operational needs of educational institutions. GESS streamlines this process by identifying and cross walking security controls that are applicable in Educational Technology products.

Building on the success of the ST4S assessments across Australia and New Zealand, the Student Data Privacy Consortium has brought together a working group of educational departments, leading vendors and academics to develop a Global Education Security Standard, to provide a common grounding baseline for all, as well as regional requirements.

GESS Documentation

View a comprehensive report on control questions and response options for K-12 EdTech.

Download Report
Self Assessment
GESS Self Assessment

How do your score? Find out by using the GESS Self Assessment Tool

Begin Assessment
Explore GESS
Other Ways to Explore GESS

This is a longer card with supporting text below as a natural lead-in to additional content.

Start Exploring
About GESS

  • GESS is an internationally agreed upon set of security controls pulled from major cyber security frameworks that are most applicable to the PK20 education ecosystem.

  • By joining the GESS subscribers you will be aiding the movement of the EdTech industry towards one common set of security controls to apply across many jurisdictions, thus avoiding the need to prove certification in multiple frameworks PK20 schools and districts are adopting the GESS set of controls as the expected security measures to be in place to protect all student data.

  • In the US the next version of the National Data Privacy Agreement will include the GESS as an approved and accepted control framework In New Australia & New Zealand the preexisting ST4S controls are embedded within GESS.

  • GESS will streamline both the providers’ ability to implement required security controls while at the same time meeting school expectations all with one common set of controls.

Learn more >>
GESS Disclaimer
This GESS Documentation and Portal contains copyright material which has been reproduced with the permission of Education Services Australia Limited. Copyright is owned by Education Services Australia Limited. All rights reserved.
About the Consortium
Resource Center
Join the Community
News and Events
Privacy Policy
Terms of Use
A4L Community
PO Box 249
Malden, MA 02148
Contact Us