+ Post New Thread
Results 1 to 7 of 7
How do you do....it? Thread, Secure system for Child Protection in Technical; We have 3 child protection officers in school who would like to use electronic forms of sharing/storage/communicating. Obviously this is ...
  1. #1

    Join Date
    Mar 2009
    Location
    West Yorkshire
    Posts
    67
    Thank Post
    12
    Thanked 6 Times in 6 Posts
    Rep Power
    16

    Secure system for Child Protection

    We have 3 child protection officers in school who would like to use electronic forms of sharing/storage/communicating.

    Obviously this is a hugely sensitive area that needs to be very secure.

    I am thinking of a folder on the network, which only the staff members involved can access (NTFS permissions) which then contains a folder/file which can be encrypted by them using software installed on specific PCs. Only they would know the passphrase.

    Also, is there an existing software solution for this kind of scenario (very secure record history) that could be used as well as or instead of?

    Bear in mind that they may need to access the data at the same time.

    Thanks

  2. #2


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,475
    Thank Post
    867
    Thanked 850 Times in 672 Posts
    Rep Power
    196
    Might be worth looking at truecrypt.
    According to the FAQ it doesn't mind networks TrueCrypt - Free Open-Source Disk Encryption - Documentation - Sharing Over Network

  3. #3

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,258
    Thank Post
    671
    Thanked 1,644 Times in 1,466 Posts
    Rep Power
    424
    what MIS system do you have in place? I would have thought this should be used as it would provide you with your audit needs?

    Ben

  4. #4

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,953
    Thank Post
    1,347
    Thanked 1,800 Times in 1,118 Posts
    Blog Entries
    19
    Rep Power
    597
    There are a few other things to consider as well.

    The computer should not be in an area where the screen is readily viewable by unauthorised people. This can be sorted by the simple use of blinds on windows, screen filters to restrict viewing, placing the desk so the user backs onto a wall with no windows. It may sound like common sense but is an important factor and with the ContactPoint coming to schools there will be the same recommendations there. Prevention of use of USB keys might also be an important item on these machines or for these users.

    Also consider things like password protection on the screen saver, getting the staff into the habit of locking the desktop even when they get up to go into the next room (Windows+L) and printing to a printer they can see or a printer that has a 'locked print' function (ie most network print stations . copiers).

    EFS / TrueCrypt / BitLocker are all pretty good ... but the Becta guidelines really point to requiring an audit trail so you can see who accessed what and when. This can get a tad expensive so you might need to get the Head and Chair of Governors to accept this as a managed risk.

  5. #5

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    3,942
    Thank Post
    1,199
    Thanked 1,071 Times in 762 Posts
    Rep Power
    330
    @chinesewhispers :

    Have already done this using truecrypt and it works flawlessly and have made it so only 3 people can log in to it from anywhere in the school as long as it is with their login credentials for digital fingerprinting.

  6. Thanks to bossman from:

    webman (20th October 2009)

  7. #6

    Join Date
    Mar 2009
    Location
    West Yorkshire
    Posts
    67
    Thank Post
    12
    Thanked 6 Times in 6 Posts
    Rep Power
    16
    We use Facility CMIS as the MIS, I have asked the Systems Manager, but they are not sure. Bear in mind that ideally, even the systems manager wouldn't be able to access this information.

    Each of the users has their own lockable office.

    bossman, care to share a little more info, I had already looked at the Truecrypt documentation linked to here by Tom, but didn't quite understand the options. Do you use method 1 or method 2? Method 2 led me to believe that the data would be read-only, and how do you restrict access using method 1?

    Thanks

  8. #7

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,953
    Thank Post
    1,347
    Thanked 1,800 Times in 1,118 Posts
    Blog Entries
    19
    Rep Power
    597
    I would not worry about the System Manager not being able to access the information. There are certain positions of trust within the school and this should be reflected in the job description. The same way that the site supervisor / caretaker has keys that can open the head's office the SysAdmin can have complete control over anything IT related. The fact that there is not enough hours in teh day to go into each individual file and see what is in there is beside the point ... trust and respect.

    This is why I mentioned about software which will perform audit trails too ... it means you can show who has accessed what and when. If they are that bothered then cough up the cash for an ultra-secure system.

SHARE:
+ Post New Thread

Similar Threads

  1. Child Protection e-mail issue
    By olivarrr in forum Internet Related/Filtering/Firewall
    Replies: 10
    Last Post: 17th July 2009, 11:54 AM
  2. Email monitoring and DPA/child protection question
    By Ben_Stanton in forum How do you do....it?
    Replies: 4
    Last Post: 21st June 2009, 12:26 PM
  3. Replies: 10
    Last Post: 5th July 2008, 10:55 PM
  4. Child protection web site.
    By tickmike in forum Links
    Replies: 3
    Last Post: 14th February 2007, 06:18 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •