ST4S Readiness Check
Self-assessment tool for vendors
What is the Readiness Check?
The Safer Technologies 4 Schools (ST4S) Readiness Check is a self-assessment tool for vendors. It allows vendors to check how their product is doing against the nationally agreed privacy and security assessment framework for K-12 education.
Learn more about the ST4S Assessment Framework in the ST4S Vendor Guide.
The ST4S Readiness Check:
- Highlights significant gaps between the service’s current security and privacy controls and the ST4S assessment framework
- Identifies areas within a vendor’s service that require attention in relation to privacy and security
- Provides information and standards to support vendors in improving the privacy and security of their products and services
As a vendor:
Once you have completed the check and obtained a satisfactory outcome, you may formally submit your results for full ST4S assessment. Please note that the prioritisation of full ST4S assessments is determined by the ST4S Working Group.
Importantly, full ST4S assessment results are shared with Chief Information Officers (CIOs) from state and territory Departments of Education, as well as with nominated representatives of the Catholic and Independent school sectors.
How does it work?
The ST4S Readiness Check is suitable for products and services that are used within a K-12 education setting and which process or handle personally identifiable or sensitive information and operate in an online environment (whether partially or entirely).
The ST4S Readiness Check consists of two steps:
- A short survey that presents critically important criteria, sourced from the ST4S Vendor Guide. Upon completing the survey you’ll be provided with some feedback about your service’s readiness to complete a full ST4S assessment.
- An optional step to submit your service to be considered for a full ST4S assessment.
Once you’ve completed the Readiness Check, the readiness status of your product or service will be displayed.
If your service is not ready to submit for full assessment, you can return later to update your responses once you’ve incorporated the recommended changes.
If your service is ready, you can submit your results to the ST4S Working Group for consideration and prioritisation for a full ST4S assessment.
Prior to starting the Readiness Check, make sure you have read the FAQs below and are familiar with the ST4S Vendor Guide.
The Readiness Check can be completed in more than one sitting. Make sure to include your contact information in the contact details page so you can save your progress as you go. This will allow you to return at any time to update your responses and complete the check.
This Safer Technologies for Schools (ST4S) assessment tool (comprising the Readiness Check and the assessment questionnaire) is provided:
- for information purposes only and does not constitute advice; and
- on the basis that vendors are responsible for assessing the relevance and accuracy of its content and of the information provided.
Education Services Australia Limited (ESA) through its business unit the National Schools Interoperability Program (NSIP) has compiled this assessment tool in good faith and has endeavoured to ensure that all material is accurate and does not breach any entity’s rights at the time of its inclusion. However, the material may contain unintentional errors and is provided ‘as is’.
Participation in the ST4S process is voluntary.
The Readiness Check is the first step in preparing for and completing the full ST4S assessment. By providing all of the critical ‘show-stopper’ assessment criteria from the full ST4S assessment up front via the Readiness Check, vendors can review any control gaps identified earlier and remediate prior to being requested to complete a full ST4S assessment. In the ST4S Vendor Guide, critical criteria are marked with a hash (#) and listed in section 6.6.
From late 2021, all vendors will be required to undertake an ST4S Readiness Check prior to undergoing a full ST4S assessment.
Note: Results from the Readiness Check do not guarantee a priority invitation to complete, or compliance under, the full ST4S assessment.
Yes. Vendors may undertake the Readiness Check multiple times. If you do not pass the initial check, we will provide recommendations for improving readiness. You can submit a new Readiness Check at any time.
After receiving your results, you may formally submit these to the ST4S Working Group to have your service considered to undertake the full ST4S assessment. Only a limited number of services are able to undergo a full ST4S assessment each year.
You may also choose to simply receive your Readiness Check results and not formally submit.
Some vendors may receive a request to undertake the Readiness Check in preparation to complete the full ST4S assessment.
This request may originate from Education Services Australia (ESA), a State or Territory Department of Education, a school or a school authority (Catholic or Independent) that is a member of the ST4S Working Group.
Once you have completed the Readiness Check and formally submitted your results, your submission will then be shared with the ST4S Working Group for prioritisation. Only a limited number of services are selected for full ST4S assessment each year, so there will likely be a delay between submitting Readiness Check results and receiving an invitation to complete a full ST4S assessment.
No, your initial Readiness Check results are private. When you formally submit these for the full ST4S assessment, they will be shared with the ST4S Working Group for the purposes of prioritisation. Only results from services that complete the full ST4S assessment process are shared with Chief Information Officers and ST4S Working Group members, who may then share the results locally (with schools, school system offices, etc).
The use of ST4S results and reports produced from the full ST4S assessment process is a local decision.
Vendors are able to use the Readiness Check results to drive internal service and organisational improvements regarding privacy and security controls.
Vendors cannot use the Readiness Check results to promote their services with current or future customers (this includes schools, students, parents and guardians, teachers, school administrative staff, departmental and non-government sector staff and other vendors).
The Readiness Check is designed for vendors who deal with data that includes personally identifiable and sensitive information. For more details, please refer to What is personal information? – https://www.oaic.gov.au/privacy/your-privacy-rights/your-personal-information/what-is-personal-information/
Practically, this means that the Readiness Check is suitable for services which store, process or handle an individual’s name, address, contact details, photographs etc. Please consult the ST4S Vendor Guide for more details on data classifications. Services which do not process personally identifiable or sensitive information, subject to prioritisation by the ST4S Working Group, may be able to undergo a separate ST4S assessment. Please contact the ST4S Team for further details.
In addition, the Readiness Check (and broader ST4S assessment) is geared towards services that have some online component. This includes solutions which are fully hosted in the cloud, and those that have components which require or interact online (for example, a client-server application which on occasion calls an online payment gateway). Services that have no online component (for example, applications which are deployed to a local desktop only) are not suited to completing a Readiness Check.
Have a Question?
You can reach out to the ST4S team at Education Services Australia.