Veracross
Veracross is the leading one-person, one-record school management platform for K-12 independent schools.
07/08/2026
Congratulations to Mason Preparatory School in Charleston, South Carolina on their new website going live!
Mason Prep's site launched just 12 weeks after kickoff, a great example of how quickly schools can move with Digistorm websites by Veracross.
See it here: https://www.masonprep.org/
06/30/2026
“Which security framework should we follow?” is a question that all schools ask must ask.
On a recent episode of the ATLIS Talking Technology podcast, Jo Bentley and Mike Martell talked through the options schools weigh most often.
ISO is the name that comes to mind first, and it travels well internationally. The catch is cost: it is usable across borders, but at significant expense.
NIST is becoming the practical default, and the reason is refreshingly simple. As Jo put it, U.S. taxpayers cover the cost of the NIST standards, so a school can baseline against NIST CSF without spending heavily to do it. It covers AI governance, underlying cybersecurity controls, and, in recent years, privacy. For most schools, that combination of breadth and cost makes NIST CSF the gold standard.
Two more worth knowing: much of the world’s privacy regulation is derived from GDPR, so aligning to it rarely steers you wrong. And from a U.S. perspective, CCPA has pushed protections forward in meaningful ways.
More advice from Jo and Mike about and is available on this blog post: https://www.veracross.com/resources/how-should-independent-schools-govern-ai-data-privacy-and-security/
06/26/2026
Here is the part of the vendor conversation that catches schools off guard: handing your data to a provider does not hand off your responsibility for it.
To quote Bentley, our Global Chief Information Security Officer:
“When you entrust an asset to someone else, you are still accountable for it. Out of sight is not out of mind.”
Under a GDPR framework, the school is the controller. That means the responsibility to choose vendors who meet your requirements sits with you, not with the vendor you chose. It’s worth putting in the time.
Start with two questions: what problem am I trying to solve, and which vendors actually solve it?
Then, in due diligence, treat your data as the most important thing in the room. Ask to see audit reports and audit trails. Ask the vendor to prove they are meeting the requirements of the law and your own data and recovery requirements. And settle one question early: if you ever stop doing business with them, how do you get your data back?
None of this requires a security team of your own. It requires knowing your data is your asset, and asking for proof it is being treated that way.
Jo and our former CISO, Mike Martell, talked through the details on the ATLIS Talking Technology podcast, and we've pulled a synopsis of their wisdom together on our blog. Check it out!
https://www.veracross.com/resources/how-should-independent-schools-govern-ai-data-privacy-and-security/
Click here to claim your Sponsored Listing.
Category
Telephone
Website
Address
Wakefield, MA