ePals Policy Management

In this tutorial, we will inform you about safety features of ePals through Policy Management. This involves some technical detail.

Tutorial # 16

Goals of this Tutorial

This tutorial will explain the basics of Policy Management • What is it?• Understand Policy

Management and how it works within SchoolMail

Learning Objective: Understand what SchoolMail offers

Policy Management: 3 Tracks

• ePals SchoolMail uses three technology approaches to create safe and secure communications:

Domain Security: firewalls and access policies Message Security: filtering and moderating Application of Rules-based Controls: specification of roles,

organizational hierarchy, etc. (Who can a sophomore send to or get email from?)

• These are more commonly found in compliance-oriented enterprises like banks and large companies • Consumer-based email systems do not typically have these

safety strategies• Gmail, Yahoomail do not have monitoring of student accounts

Learning Objective: Understand Policy Management and how it works within SchoolMail

Policy Management FrameworkLearning Objective: Understand Policy Management and how it works within SchoolMail

Allows authorized administrators to “set” policy in varying ways for every user of the system. Policy is enforced for every mail sent and received by the system. Can apply both to mail:

• from outside the domain (student gets email from the Internet, a reply to a question asked of an author)

• from within the domain (email sent from one student to another using their SchoolMail accounts)

Most email systems apply filtering solely to a domain boundary, a much weaker strategy.

Policy Management ComponentsLearning Objective: Understand Policy Management and how it works within SchoolMail

ePals SchoolMail policy management framework has five core components:• Domain Security• Message Security (filtering and moderation)• Rules-Based Controls• Manageability• Information Security and Compliance

Policy ManagementLearning Objective: Understand Policy Management and how it works within SchoolMail

From an end user’s point of view, policy management in SchoolMail is defined mainly by understanding capabilities of Domain Security, Message Security and Rules-based Controls.

Generally, most K12 applicable systems implement Domain Security and have some Message Security in the form of content filtering for messages into and out of the domain.

ePals distinguishes itself particularly in the areas of Rule-Based Controls and Message Security, especially as it relates to rule-based controls, not just domain-based controls.

Domain Security Learning Objective: Understand Policy Management and how it works within SchoolMail

ePals provides filtering at the domain boundary—the scope of defined policies are limited to the specified domain and its members.Application of filtering rules at the domain boundary – Spam, AntiVirus and application of Message Based security.

While ePals does more, typical systems do these items only: Apply Spam and Antivirus checks to incoming mail only Have message security policies for inter-domain traffic only Have profanity filtering/ moderation at the mailbox level onlyePals allows application of policies for incoming and outgoing traffic, and for inter-domain as well as intra-domain traffic.

Message SecurityLearning Objective: Understand Policy Management and how it works within SchoolMail

Monitoring: analogous to cc – route a copy of the message to a moderatorModeration: route to a human for review and action – approval, rejectionAttachment filtering at mime type level: options include block; monitor; moderate; allowMessage content filtering: filter for inappropriate words and then take some action on “flagged” messages -- monitor (cc), route for moderation, block

Inappropriate word filtering: for profanity, problem words or policy abuse

Uses methods and algorithms analogous to Spam filters, where the textual content of a message (or an attachment) is scanned against filter-words lists and matching patterns (“regular expressions”), and receive a score.

Lists can be updated using a management console to take into account variations, rapidly changing vocabulary, new slang.

Message SecurityLearning Objective: Understand Policy Management and how it works within SchoolMail

Rules-Based ControlsLearning Objective: Understand Policy Management and how it works within SchoolMail

Real world organization structure is established and users are created as members of these structures within a domain (district, network of schools, school, class group, grade level)

Every user can be assigned one or more roles (student, educator, guardian, administrator, moderator) and placed within one or more levels of organizational structure.

User 1 is a student at PS134 in 4th gradeUser 2 is an educator at Bronx Science and a moderator User 3 is a guardian at Jefferson Middle School

Rules-Based Controls: ExamplesLearning Objective: Understand Policy Management and how it works within SchoolMail

Relationships between users are established: a) School-based relationships

• My teacher• My guardian• User 3 is a guardian of User 1, who is a 4th grader at PS134

b) Social-based for collaboration (Science Club)User 1 is a student at PS134 in 4th gradeUser 2 is an educator at Bronx Science and a moderator User 3 is a guardian at Jefferson Middle School

Summary

Multiple layers of student safety • Filter level (set by teacher for student)• Access level (set by district or school)• Adult preview available, incoming and outgoing mail• Adult gets copy of each email (if requested)• Only adults confirmed to be teachers or

homeschooling parents are added to the community• Adults have profiles (not students)• Privacy of student data (TRUSTe certification)• Attachments can be previewed (set by teacher)

Learning Objective: Summarize Policy Management and student safety measures

Review

This tutorial explained:

• Why ePals’ Policy Management is Stronger than General Market eMail Systems and Safer for Education

Learning Objective: SchoolMail Policy Management