Educational need Core student information / management system across the region — the system of record for student, staff and parent data.
Intended users All staff; student & parent records, Years 1–13
Expected outcomes Single source of truth for student data across all schools.
Security · VettED Round 1 (live)
Insufficient — Request Data-Processing Agreement
📄 Looks like a website privacy policy, not a data-processing agreement.
This reads as a general website privacy policy, not a data-processing agreement: 14 of 18 questions are simply not addressed. That's a wrong-document signal, not a vendor judgment — the 22.2% reflects silence, not bad practice. Enterprise vendors' real assurance lives in their DPA, a security cert (e.g. ISO 27001), or a completed questionnaire. Request those and assess in Round 2.
This public document answers only
4 of 18 of the student-data checklist — so VettED won't score it as a vendor judgment.
The real assurance for an enterprise system lives in its DPA + security cert (e.g. ISO 27001),
which is exactly what OneTrust (Round 2) verifies.