V
etting camera companies for specs on audio and quality is one thing. But now, student transporters are tasked with
providing even more due diligence, ensuring vendors are securing data properly,as well as understanding storage restraints and biometric data monitoring. The topic of cybersecurity came up
during the “Technology Adoption: Promise of AI” session in July during STN EXPO West in Reno, Nevada. An attendee asked how the panelists were addressing cybersecurity with their vendors. The attendee from North Car- olina asked about transportation’s role in protecting student data and privacy. She noted there was a lot to learn on the topic and that her department is reevaluating prior partnerships that don’t comply with the overall cyberse- curity requirements of the district. Miles Cole, a panelist for the dis-
cussion and chief strategy officer for RFID card company CI Solutions, said the best route to take is hiring a firm to ensure adherence to SOC 2, a framework developed by the American Institute of Certified Public Accoun- tants that assess how organizations manage data and related systems with a focus on ensuring the securi-
ty, availability, processing integrity, confidentiality and privacy of sensitive data. SOC 2 compliance is achieved through independent audits that verify an organizations implementation of appropriate controls and processes. “That’s the best way to do it. They
know what is required when hosting student data,” he said, noting that cybersecurity is a moving target and something CI Solutions has been working to address, the evidence be- ing its own recent SOC 2 certification. Gaurav Sharada, also on the panel, is the CTO for student transportation company Beacon Mobility and this year’s STN Innovator of the year. He said SOC 2 compliance is one of the first things his company looks for when working with a new partner. He noted that Beacon has developed a security check list of guidelines, a standard the company uses to compare all its vendors. One of the main areas Beacon looks at is how data is stored and who can access the information. “It’s not a one and done deal,” he said, adding that Beacon regularly performs assessments. “If a breach happens, it’s hard to come back from that.” Vendor oversight in terms of secu-
rity is paramount, said Jake McOmie, CTO of Confluence Security.
www.stnonline.com 45
PHOTO ADOBE AI GENERATED
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64 |
Page 65 |
Page 66 |
Page 67 |
Page 68 |
Page 69 |
Page 70 |
Page 71 |
Page 72 |
Page 73 |
Page 74 |
Page 75 |
Page 76 |
Page 77 |
Page 78
