Cyberattack on Canvas
Canvas has been affected by a global cyberattack in which the personal data of students, lecturers and staff has been stolen. This includes users’ names, email addresses, student numbers and...
Canvas
Interim update memo on the Osiris DPIA | additions regarding vocational education
We would like to inform you that SURF Vendor Compliance has published an interim update memo regarding the expansion of the Osiris DPIA to include vocational education-specific scenarios. We have...
OSIRIS
Update Xedule DPIA
Following the DPIA on Xedule in July 2025, it is time to provide an update. Xedule has indicated that it has now implemented most of the mitigating measures. The implementation...
Xedule
SURF finalizes DPIA on Adobe Creative Cloud and Document Cloud for Education
SURF and Privacy Company have conducted a Data Protection Impact Assessment (DPIA) on Adobe Creative Cloud and Document Cloud for Education. SURF confirms that institutions may continue using these products,...
Adobe
TOPdesk implements privacy improvements following SURF DPIA
Institutions can continue to use TOPdesk, according to SURF's DPIA. SURF identified 9 high risks and 3 low risks. TOPdesk has already mitigated 4 of the high risks and will mitigate the remaining high risks soon. TOPdesk is a service management platform used by...
Security assessment pilot on Xedule completed
SURF Vendor Compliance has completed a security assessment pilot on Xedule. This assessment was a joint initiative that provided both parties with a great deal of relevant knowledge. Xedule Xedule...
Xedule
Instructure enhances privacy features in Canvas LMS in collaboration with SURF
SURF has conducted a data protection impact assessment (DPIA) on Canvas LMS. Based on our advice, institutions can continue to use this learning management system. Mitigating measures have been agreed...
Enhanced privacy protections support the provisional recommendation to continue the use of Ans Exam
SURF and Privacy Company have completed a data protection impact assessment (DPIA) of Ans Exam B.V.’s SaaS assessment platform and API. Ans Exam is used by more than 20 Dutch...
Ans Exam
Zoom is making progress in last mitigation steps from DPIA 2024
In April 2024, SURF published an updated DPIA on Zoom Education. The DPIA concluded that there were no more known high data protection risks. Zoom agreed to implement two extra measures...
Zoom
Privacy risks in Osiris addressed in collaboration with SURF
SURF has commissioned a data protection impact assessment (DPIA) on Osiris. The preliminary advice is that institutions can continue to use this student information system as long as they take...
OSIRIS
