About the ST4S Assessment

Learn how we work with the Australian education sector to standardise the assessment of digital products and services in schools.

Why ST4S?

ST4S has been developed to enhance the security, privacy, interoperability and online safety of software applications and services commonly used by Australian and New Zealand schools.

The goals and standards of ST4S are shared by all Australian and New Zealand education jurisdictions – including state, territory, Catholic and independent school sectors – for the benefit of the whole education community:

    • Schools and educators will benefit from clear, consistent information regarding products and services, generic risks and suggested treatments.
    • Students, teachers and families will benefit from schools choosing more compliant products and services.
    • Suppliers will benefit from a standardised and aligned assessment process, with results that are respected by all participating stakeholders.

Who manages ST4S?

ST4S is administered by Education Services Australia (ESA) on behalf of state and territory governments, the Catholic and independent school sectors, and the New Zealand Ministry of Education.

The ST4S Working Group is made up of security and privacy professionals and representatives from across Australia and New Zealand. The Working Group meets regularly to discuss security and privacy matters relevant to the education sector and to maintain the ST4S Assessment Framework.

ST4S assessments are co-ordinated by ESA’s National Schools Interoperability Program (NSIP) team, while state and territory governments, Catholic and independent school sector representatives, and the New Zealand Ministry of Education engage their schools, their software suppliers and their communities regarding ST4S.

An Overview of the Process

Suppliers can participate in the ST4S assessment process in one of two ways:

    • Supplier initiated (self-nomination)
    • Invitation from a school or education authority

Supplier initiated – Suppliers complete the ST4S Readiness Check and iterate until they are ready to submit for a full assessment. Note: Suppliers can access the Readiness Check at any time and use it to gauge their readiness for a full ST4S assessment. Learn more about the Readiness Check here.

Invitation from a school or education authority – Suppliers receive an invitation to participate and complete an ST4S Readiness Check, iterating until they are ready to submit for a full ST4S assessment.

  1. Once suppliers have completed the Readiness Check and obtained a satisfactory outcome, they may formally submit their results for consideration by the ST4S Working Group to undertake the full ST4S assessment.
  2. The ST4S Working Group uses a range of criteria to prioritise services for assessment, including usage by local schools, procurement activities, or recent reported incidents involving the product or products of a similar type.
  3. Suppliers are invited to participate in the full ST4S assessment process and are sent an online questionnaire containing a number of criteria across categories such as data protection, organisational security, software development practices, privacy controls and data breach incident. These criteria are more comprehensive than those within the Readiness Check.
  4. Suppliers completing the questionnaire are required to attest that their responses are true, correct, accurate, up-to-date, and not misleading in any way. Depending on responses to some questions, additional supporting documentation may be required.
  5. Once submitted, the supplier responses are analysed and validated by the ST4S Team.
  6. Results are reviewed with the supplier and any items that require clarification are worked through collaboratively.
  7. Once the review is complete, the final assessment results are made available to ST4S Working Group members, educational jurisdiction Chief Information Officers and the New Zealand Ministry of Education. Approved ST4S stakeholders may distribute the results to their schools.