Data & Network Resources Security
Revised June 2011
Risk Assessment
The electronic network utilized by faculty, students, and staff of the Paideia School must be protected from unlawful invasion and malicious destruction. Data gathered to document student performance, staff functions, communications, and business activities provokes a necessary need for protection and assurance of accuracy.
The Family Educational Rights and Privacy Act mandates educational agencies adopt adequate security policies with regard to student records or personally identifiable information regarding any student. In Georgia, the right to privacy is a fundamental right protected by the state constitution and federal statutory law.
Records with regard to mental health communications, child abuse records, child drug abuse records, and AIDS records are all protected as confidential under various state and federal laws. Therefore, the Paideia School herein documents detailed policies and plans to protect electronic records and systems of operation. Systems shall include but shall not be limited to the wide area network, servers, computers, software, e-mail, student performance records, staff records, and any other means of electronic transmission.
Assessment of Vulnerability
All physical facilities shall be reviewed for proper security (door locks, alarm systems, etc.). Passwords shall be assigned for both student and staff access to appropriate communication/network access. Passwords shall not be visible or adjacent to any computer on the network, i.e. sticky note on monitor or under keyboard.
The Paideia School network shall be protected from the Internet by a firewall. Limited access through the firewall will be provided. Appropriate software for detection of password changes and lessening of network security measures shall be maintained.
Data to be Protected
All student data shall be protected. Should data become corrupt or manipulated, any performance judgments regarding students or the school system would be deemed unusable. Hardware and software used for electronic means in the system must be protected as well. Virus protection software must be maintained and up-to-date at all times. Access to servers and network administration areas shall be limited to appropriate personnel only.
Software shall not be copied for personal use and all software utilized in the system shall have proper licensing prior to use. Copying software violates copyright laws.
Staff and student folders stored on servers or other electronic storage devices shall have separate areas, servers, and/or access. All access shall be through properly assigned passwords.
Further, all access to the Internet shall follow the guide of the Children's Internet Protection Act and the acceptable use policies as established by the Paideia School.
Access Issues
All student data shall be accessible only by authorized personnel. Likewise, all personnel records shall be accessible only by authorized personnel. Data integrity shall be maintained to ensure accuracy of all data and reporting.
Business Continuity
All data shall be backed up daily and system data backed up twice each week. One set of weekly data tapes shall be stored in a fireproof vault. The second set of tapes will be stored in a secure location offsite.