Policies and Procedures vs. Good Practice

[Gongalong]

Hi folks,

We're reviewing some of the IT policies and procedures we have in place (we're a comprehensive), which aren't a great deal, and just the whole topic of good practice and training in this area.

So far we have:

Staff AUP
Student AUP
Data Protection Policy (just implemented)

We also have a number of documents that are issued with laptops, including something that's signed to indicate receipt.

We're looking at getting staff trained on the DPA and FoIA.

Is anyone happy to reveal what policies, procedures, and/or training they have in place and/or whether there's any statutory requirement? Does anyone have a Password Policy and/or Procedure?

TIA

[elsiegee40]

With regard to training, at my school every new member of staff who is likely to encounter the kids is given induction training. This is called "ICT, Data and You" and subtitled "Safeguarding Children, Protecting YOU"

It covers:

• How people use computers: Shopping, Research, Gaming, Social Networking, Email, Music... including an explanation that the children use all of them... even the shopping. (research with our Year 5 and 6 revealed alarming numbers used their parents' cards and/or paypal accounts themselves online)
• The difference between Internet Chat, Email, Forums and Social Networking
• How can you be certain that the person you are communicating with is who you actually think they are? (Answer you can't unless there's a web cam involved)
• What is on the internet and about you? How do you find out and what can you do about it?
• Privacy settings - why you should limit friends and what people can see.
• Where to get help: Internet sites, CEOP report...
• Outline of which policies are Safeguarding
• Reminder of what to do if something is a Child Protection issue
• Outline of AUP and why it's there
• Outline of DPA and Copyright... including responsibilities and penalties

Everyone gets this BEFORE they get given the AUP to sign. It takes about an hour. I explain that I'm perfectly happy to take queries at any time on anything that concerns them

Refresher training is done bi-annually via inset with top ups on specific subjects as requested by the Head. This year I went in to do Passwords, discussing LastPass and a strategy for making harder passwords to guess. I've attached the document I circulated concerning passwords.

I sell the main training very much from the point of view of protecting your professional identity... and your arse... and by the way it also helps with Safeguarding the kids. Staff seem much keener on it when they realise their own careers are at stake.

Password Creation.pdf

[Gongalong]

Thanks for the detail. Much appreciated.