About the ST4S Assessment

Learn how we work with the Australian education sector to standardise the assessment of digital products and services in schools.

Why ST4S?

ST4S has been developed to enhance the security, privacy, interoperability and online safety of software applications and services commonly used by Australian schools.

The goals and standards of ST4S are shared by all Australian education jurisdictions – including state, territory, Catholic and independent school sectors – for the benefit of the whole education community:

    • Schools and educators will benefit from clear, consistent information regarding products and services, generic risks and suggested treatments.
    • Students, teachers and families will benefit from schools choosing more compliant products and services.
    • Vendors will benefit from a standardised and aligned assessment process, with results that are respected by all participating stakeholders.

Who manages ST4S?

ST4S is administered by Education Services Australia (ESA) on behalf of state and territory governments and the Catholic and independent school sectors.

The ST4S Working Group is made up of security and privacy professionals and representatives from across Australia. The Working Group meets regularly to discuss security and privacy matters relevant to the education sector and to maintain the ST4S Assessment Framework.

ST4S assessments are co-ordinated by ESA’s National Schools Interoperability Program (NSIP) team while state and territory governments and Catholic and independent school sector representatives engage their schools, their software vendors and their communities regarding ST4S.


An Overview of the Process

  1. The ST4S Working Group usea a range of criteria to prioritise products for assessment including usage by local schools, procurement activities or recent reported incidents involving the product or products of a similar type.
  2. Vendors are invited to participate in the assessment process. Invited vendors who wish to participate are sent an online questionnaire containing a number of criteria across categories such as, data protection, organisational security, software development practices, privacy controls and breach/incident data.
  3. Vendors completing the questionnaire are required to attest that responses are true, correct, accurate, up-to-date, and not misleading in any way. Depending on responses to some questions, additional supporting documentation may be required.
  4. The vendor responses are analysed and validated by the ST4S Team.
  5. A draft report is created and, together with any clarification questions, is sent to the vendor for feedback.
  6. Following a review cycle with the vendor, a final copy of the report is developed.