Access our Written Information Security Plan regarding student data here.

Version 2: 5.20.25

The objectives of this comprehensive written information security program ("WISP") include defining, documenting, and supporting the implementation and maintenance of the administrative, technical, and physical safeguards the Civics & History Inquiry Partnership ("CHIP"), a fiscally sponsored program of Goodnation Foundation, has selected to protect the personal information it collects, creates, uses, and maintains. This WISP has been developed in accordance with the requirements of the Massachusetts Data Security Regulation, 201 Code Mass. Regs. 17.01 to 17.05, the Family Educational Rights and Privacy Act (FERPA), and other similar U.S. state laws.

If this WISP conflicts with any legal obligation or other CHIP and/or Goodnation procedure policy or procedure, the provisions of this WISP shall govern, unless the Information Security Coordinator specifically reviews, approves, and documents an exception (see Section 3).

THIS PROGRAM WILL BE IMPLEMENTED BY DKP LAUNCH, a fiscally sponsored program of Goodnation Foundation.

1. Purpose

The purpose of this WISP is to:

Ensure the security, confidentiality, integrity, and availability of personal information CHIP collects, creates, uses, and maintains.
Protect against any anticipated threats or hazards to the security, confidentiality, integrity, or availability of such information.
Protect against unauthorized access to or use of CHIP-maintained personal information that could result in substantial harm or inconvenience to any research participant, student, or employee.
Define an information security program that is appropriate to CHIP's size, scope, and educational research activities, its available resources, and the amount of personal information that CHIP owns or maintains on behalf of others, while recognizing the need to protect both student and employee information.

2. Scope

This WISP applies to all employees, contractors, officers, and directors of CHIP. It applies to any records that contain personal information in any format and on any media, whether in electronic or paper form.

For purposes of this WISP, "personal information" means:
A Massachusetts resident's first and last name
Student education records and personally identifiable information as defined by FERPA, including but not limited to:

Student name
Student birthdate
Assessment responses and scores, including:
Civic Knowledge Test responses (pre- and post-course)
Civic Values Questionnaire responses (pre- and post-course)