Jul 02 2026
Management

ISTELive26: How K–12 Districts Can Build a Safer, Smarter Digital Ecosystem

Following rubrics and breaking down silos helps district leaders make smarter technology decisions.

K–12 school districts are packed with digital tools, and it’s up to IT leaders to manage the governance, data and risk associated with them. But no single department can do this alone and without all of the facts they need to make an informed decision. 

At ISTELive 2026 in Orlando, Fla., technology experts explained how cybersecurity, data privacy, accessibility and governance work together and why building a safe, intentional, student-centered digital environment depends on breaking down the silos between IT and the rest of the district.

Cybersecurity Maturity Assessments Can Help Guide Policies

Tom Ashley, national K–12 cybersecurity strategist for CDW, said it’s important for districts to know their level of cybersecurity maturity before making decisions or purchases. 

Click the banner below for solutions to lead your district to cyber resilience.

 

“Unless you know where you are, it’s very difficult to have a path forward and end up where you want to be,” he said. 

The Cybersecurity Coalition for Education developed its Cybersecurity Rubic as a K–12 interpretation of the National Institute of Standards and Technology’s standard and other cybersecurity and privacy standards. This 1 to 5 scale tells districts whether their cybersecurity posture is reactive and unprepared or proactive and resilient. Once your posture is defined, the next step is prioritization.

“The next part is to identify where your areas of improvement and gaps are,” Ashley said. “Then, you have to make well-informed decisions on what the next steps are, because how you add your protections in the right order is how you’re going to get the biggest bang for your buck and decrease your attack surface.”

He warned attendees against what he called “random acts of cybersecurity” — creating a reactive, piecemeal cybersecurity defense without a cohesive strategy. Instead, he urged leaders to focus first on essentials: a firewall, backup and recovery solutions, multifactor authentication, endpoint protection, and a practiced incident response plan.

Ashley also noted that some of the most impactful changes are rooted in policies, not products. He told a story about how an email spoofing incident once cost him his paycheck.

DISCOVER: A clear roadmap can help districts build cybersecurity maturity.

“As soon as I heard how that happened, I was able to make some really simple changes,” he said. “Some of these protections we’re talking about don’t cost dollar signs. What it took to fix this situation was procedures, policies and guidelines.”

A Rubric-Driven Approach to Vetting Digital Resources

This strategic mindset around tool adoption, as well as the policies and procedures that define them, can extend to how districts adopt other ed tech tools. Martha Barwick, supervisor of innovation in learning for Harford County Public Schools, and Andrea Harthausen, learning management system specialist, explained their district’s framework for assessing and adopting digital resources. 

In the past, Barwick said, digital tools were cataloged in a spreadsheet, with a team of two using their judgment to determine whether something would be approved for use. Today, that process looks a little different. 

“Now we have a digital resource committee that has representatives on it from every content area,” she said. “We have a rubric that is based on 1EdTech. We had a representative from the state of Maryland come in to talk to us and train us on how we look at a Voluntary Product Accessibility Template, how we evaluate it and how we test the actual digital resource. We have a formal vendor letter, we have a disclosure form, and now we are kicking off an official AI evaluation.”

Click the banner below to get weekly insights sent to your inbox.

 

The district separates its digital resources into two categories: essential and supplemental.

“The essential resources are those resources that we pay for, that we have a contract with,” Barwick said. “The data privacy agreement and amendment to terms of use are always vetted through our legal counsel and our director of technology. The supplemental tools are those tools that our teachers find.”

Barwick and her team have developed a submission process for teachers looking to implement a supplemental resource. The process doubles as professional development, requiring teachers to gather information about privacy policies and accessibility before making the request.

The HCPS vetting framework is made up of five parts: data privacy, accessibility, interoperability, pedagogy and content, and AI transparency. The committee reviews each proposed tool based on a set of criteria, questions for vendors and red flags to watch out for in each category.

“It’s a roadmap, but it doesn’t end,” Harthausen said. “Even though we feel that we’re doing really well with this process, I still feel like we’re in the beginning now that we’re facing AI. AI is advancing, and more digital resources are encompassing AI, so we are going back to the drawing board this summer so that we can make sure we have that as part of our rubric, and that our team gets trained again. We’re always going to be evaluating, which I think is what we do as educators anyway. We’re always reflecting.”

LEARN MORE: Professional development can increase technology adoption rates.

Digital Resource Adoption Requires Breaking Down Silos

When it comes to decision-making, whether related to cybersecurity or digital resource adoption, input from across a district is vital. 

On the security side, Ashley noted, districts can’t treat cyber risk as an IT-only problem given its direct ties to school safety and student wellness.

“We have facilities handling the physical security,” he said. “We have counselors and principals and others taking care of student wellness, but after the fact, when something happens, either on the cybersecurity side or with a school safety event, we find out maybe there were some discipline incidents, questionable web searches or social media posts that could have been identified that tell a story.”

Ashley said it’s important to get all district leaders in a room when making technology decisions, particularly those around cybersecurity. He emphasizes this during cybersecurity maturity assessments.

“That’s really one of my goals: trying to bust those silos down, trying to get people talking together, and trying to build that awareness and support,” he said. “It provides value to both IT and leadership.”

UP NEXT: Balancing educational technology and foundational skills is key to learning success.

On the instructional side, digital resource governance follows the same philosophy. Teachers and technology leaders share ownership of decisions. Secretaries, principals and other non-IT staff are trained on the district’s vetting and approval process so they can answer questions and route requests appropriately. This intentional collaboration builds a common language around risk, accessibility and instructional value. 

“It is a lot of work to go through these processes, but we do it for the students,” Barwick said.

Visit this page to catch up on all of our ISTELive 26 coverage.

adamkaz/Getty Images
Close

New Research from CDW on Workplace Friction

Learn how IT leaders are working to build a frictionless enterprise.