New York's K-12 Tailored Cyber Risk Solution

Simplified Compliance, Amplified Security!

New York school districts rely on technology just like any business—but with fewer resources and higher stakes. Between limited staff, growing cybersecurity threats, and strict rules like FERPA, CIPA, COPPA, CJIS and New York’s own requirements (e.g. Education Law §2‑d, State Technology Law §208 , etc.), the pressure is nonstop.

That’s why we built a smarter, simpler way to help New York districts stay secure and compliant—without the stress or the high price tag. Peace of mind is now practical. Get the tools, guidance, and protection your schools need, all in one easy-to-use platform.
Only 2% of School Districts We Engage With Are Compliant With Federal and State Cyber Requirements

New York's students and staff deserve uncompromised and sustainable cybersecurity

Laws & Regulations

OMB UGG Final Revision 200.303(a)-(e)

If administering federal awards, establish/document/maintain effective internal controls and take reasonable cybersecurity and other measures to safeguard information

FERPA (34 CFR Part 99)
Confidentiality of education records; annual notices; access controls; disclosure logs; staff training
PPRA (20 U.S.C. §1232h)
Notice/consent for certain surveys, marketing, or sensitive data collection
IDEA Part B (34 CFR §§300.610–.627)
Notice/consent for certain surveys, marketing, or sensitive data collection
CIPA (47 U.S.C. §254)
Internet safety policy; content filtering & monitoring; online safety/cyberbullying education
HIPAA/FERPA guidance
Treat school health records under FERPA; define exceptions
FBI CJIS Security Policy
Technical, physical, and personnel controls; audits; training for districts with police presence
Education Law §2‑d & 8 NYCRR Part 121
Data Security & Privacy – Adopt a Data Security & Privacy Policy consistent with the NIST Cybersecurity Framework; appoint a Data Protection Officer (DPO); publish a Parents’ Bill of Rights; require Data Security & Privacy Plans in every third‑party contract; provide annual training; implement breach/incident response and required notifications.
State Technology Law §208
Breach Notification for state agencies & local governments – Notify affected NY residents without unreasonable delay after a data breach; notify NY Attorney General, Dept. of State, and State Police; coordinate with timing allowances for law enforcement.
Ed Law §2801‑a; 8 NYCRR 155.17
SAVE Act – District‑wide & Building‑level Safety Plans – Adopt/annually update district and building‑level emergency response plans; conduct required drills; submit/retain plans per NYSED guidance; include provisions for communication, cyber/IT dependencies, and coordination with first responders.
Ed Law §2801‑b & NYSED guidance
Behavioral Threat Assessment & Management (BTAM) – Establish/operate BTAM teams with law‑enforcement partnerships; adopt procedures; train team members; document assessments and interventions; align with student privacy laws.
Ed Law §10 et seq.; 8 NYCRR 100.2(l)(2)
Dignity for All Students Act (DASA) – Implement policies, training, and instruction addressing harassment, bullying, and cyberbullying; designate DASA coordinators; track/report incidents.
Public Officers Law Art. 6 FOIL – security/privacy exemptions – Apply FOIL exemptions for records that if disclosed could endanger life/safety or reveal IT security details/critical infrastructure; protect student PII consistent with FERPA/Ed Law 2‑d.
NY Penal Law Art. 156
Computer Tampering/Unauthorized Use – Reflect prohibitions in AUP/handbooks; ensure referral procedures for violations involving unauthorized access or damage.
NOTE: Let’s make this a great resource for everyone.  If we are missing any legislation, please send us a quick note to [email protected]
New York K-12 Compliance Matrix (Download)
NY Flag
Build a safer, stronger future for your New York schools with Minerva EDU. With rising cybersecurity threats and new state mandates like Education Law §2‑d, K–12 IT teams need more than technical tools—they need clear communication with leadership.

Minerva EDU bridges that gap. Use familiar visuals, plain-language reporting, and board-ready insights to help your district manage cyber risk and meet New York’s evolving standards — without overwhelming your team.
We Protect New York Schools!
This Is How We Do It!
RIC_One_Logo

RIC One unites New York’s 12 Regional Information Centers (RICs) to deliver statewide technology leadership, data privacy, and security solutions for K-12 schools. By working together, we provide consistent, cost-effective services that help districts safeguard student information, comply with state and federal regulations, and make the most of their data to support teaching and learning.

nysed-logo

The New York State Education Department is part of the University of the State of New York (USNY), one of the most complete, interconnected systems of educational services in the United States. Our mission is to raise the knowledge, skill, and opportunity of all the people in New York. Our vision is to provide leadership for a system that yields the best educated people in the world.

Visit our The Corner (Insights & Answers) our blog and FAQ for helpful tips, expert guidance, and answers to common questions. Curious about the value we deliver? Try our ROI Calculator at the bottom of our EDU page to see how much your district could save while improving cybersecurity.
Ready to get started? Let's Go!

Send us a quick message and we will contact you within 24 hours to discuss your cybersecurity needs and/or schedule a free 30 min. consultation with a subject matter expert.  There is no better time to take control of your cybersecurity program than today. 

Kids Pointing

Does your organization rely on federal funds?

Most Don't Know They have attached cyber requirements

Minerva Was Designed For This Purpose

Read The Full Post