AI Resources Guide for IT Teams

Quick Links


AI Best PracticesTechnical Checklist for AISample Policies & Resources

Download AI Resources GuideDownload Technical Checklist for AI


Technical Checklist for AI

Special thanks to the San Bernardino Superintendent of Schools for their work on this checklist.

  • Has the application been vetted by LEA leadership for alignment with instructional and organizations goals?
  • Has the LEA reviewed the vendor’s Terms of Service (TOS) to ensure compliance (i.e., if intended users are students, does the vendor prohibit children un the age of X from using the applications)?
  • Does the LEA have board policy, administrative regulations, and general guidelines regarding the use of AI.
  • Does the staff AUP include guidance about appropriate use of AI, including language about secure and safe data sharing practices?
  • Is the product hosted or on-premises?
  • If hosted, has the vendor signed LEA’s data privacy agreement? If not and unwilling to do so, consider parent waiver.
    • Has the vendor detailed how LEA provided data (user prompts, supplied data, generated output etc.) will be used for training and tuning?
    • Has the vendor confirmed that any user-provided data (user prompts, supplied data, generated output, etc.) will remain the property of the LEA and that no LEA data will be retained past the timeline specified in the privacy agreement and/or terms of service (TOS)? Has the vendor confirmed that any user-provided data (user prompts, supplied data, generated output, etc.) will remain the property of the LEA and that no LEA data will be retained past the timeline specified in the privacy agreement and/or terms of service (TOS)?
    • Does the vendors privacy policy address FERPA, SOPIPA, COPPA, CCPA, and any AI specific laws?
  • If hosted, what firewall and filtering changes will be necessary?
  • If hosted, do you need to make changes to your PAT or NAT pools to ensure on your firewall to ensure uninterrupted access?
  • If hosted, does the application support SSO or federated loggings for easy account management? If not, how will the LEA manage accounts?
  • Are existing user devices compatible with and capable of supporting the application?
  • If hosted, does the application require a cell phone to register an account (ChatGPT)? If so, how will the LEA manage registration? Consider involving HR early to address any bargaining unit issues that may come up from the use of personal devices.
  • If hosted, how is billing handled? PO? Credit card, on an account-by-account basis? If a credit card is the only option, consider involving Purchasing and Business Services to discuss challenges with billing management.
  • If hosted, will users be expected or allowed to provide LEA data when using the application? If yes, how will users access the data?
    • If users are expected or allowed to provide student or staff data when using AI agent, have clear guidelines been established detailing what data is allowed to be shared?
    • SIS/Assessment reports available from user accessible reporting options?
    • Automated regular extracts uploaded at district-level?
      • If yes, did the vendor provide a data map detailing the fields and formats for the data?
    • API-based integrations with specific applications?
      • If yes, are targeted applications compatible? Has the AI vendor detailed what fields will be called and the frequency of the API requests?
      • How will performance of applications be affected by API calls?
  • If on-premises, what are the storage and processing requirements?
  • If on-premises, are there any 3rd party integrations with hosted applications?
    • If so, how will data be exchanged with 3rd party applications?
    • Are 3rd party applications accessing LEA’s student or staff data? If so, have they signed LEA’s privacy agreement?
    • If not, consider parent waiver.
  • How will users be trained on appropriate and effective use of application?
  • If an existing approved and used application adds AI capability, have you checked with the vendor to confirm that current data privacy agreement covers AI features?
    • What data elements of existing approved applications are used by new AI features?
    • Has the vendor confirmed that any user-provided data (user prompts, supplied data, generated output, etc.) will remain the property of the LEA and that no LEA data will be retained past the timeline specified in the privacy agreement and/or terms of service (TOS)?
    • Has the vendor confirmed that any user-provided data (user prompts, supplied data, generated output, etc.) will remain the property of the LEA and that no LEA data will be retained past the timeline specified in the privacy agreement and/or terms of service (TOS)?
  • If students are expected to use the application, how will they access it?
  • How will it be rostered?
    • Google Workspace or M365 integration?
    • Classlink, Clever or other SSO?
    • Nightly extracts/uploads and individualized accounts?
  • Is the use of AI tools covered by student RUP/AUP?
  • How will the system be monitored for appropriate use and/or abuse?
  • Will parents/guardians have access to the student tool?