Compliance / FERPA/COPPA

FERPA & COPPA for MSPs

The two federal frameworks that govern student data and children's online privacy — directly relevant if any client you serve is a school, district, or ed-tech vendor.

Why this reaches an MSP, not just the client

This is the framework we track the most deliberately, because it's not hypothetical for us — Nexus runs the MSP practice we dogfood the platform on, and part of that practice serves K-12 school clients directly, where FERPA (student education records) and COPPA (children under 13 online) aren't abstract compliance line items, they're the actual data our own team is responsible for every day.

What the Nexus compliance module tracks

  • Posture tracking scoped to student-data handling — access control, audit logging, and data-minimization practices relevant to FERPA's access and disclosure rules
  • COPPA-relevant controls for any client-facing surface that could touch a child's data or online activity
  • The same per-tenant isolation and encrypted-secrets defaults every other framework page describes — student data doesn't get a lighter posture because the client is a school rather than an enterprise
  • A QBR built for a district's technology committee or school board, not just an IT department

This describes what the module tracks against FERPA/COPPA — not a claim that Nexus or any client on it is certified or audited against it. See the compliance & QBR module for the full picture, or read the blog for more on how we think about compliance tooling.

Ready to see FERPA/COPPA posture tracked for real?

Join the design-partner cohort and we'll walk through the control mapping for your own clients.