+ Post New Thread
Results 1 to 8 of 8
MIS Systems Thread, guidance on remote access for an external person in Technical; Hi, A quick plea for any guidance BECTA NAACE etc... I have been asked to allow someone from another school ...
  1. #1
    Marshall_IT's Avatar
    Join Date
    Jul 2011
    Location
    Leeds
    Posts
    473
    Thank Post
    73
    Thanked 57 Times in 48 Posts
    Blog Entries
    1
    Rep Power
    17

    Exclamation guidance on remote access for an external person

    Hi,

    A quick plea for any guidance BECTA NAACE etc...

    I have been asked to allow someone from another school remote access to our MIS system to allow them to prepare some training for our staff.

  2. #2
    BKGarry's Avatar
    Join Date
    Mar 2006
    Location
    Kent
    Posts
    916
    Thank Post
    93
    Thanked 119 Times in 96 Posts
    Rep Power
    47
    I would ask the Head to sign off on it, with a clear outline of the risks that could be involved and the DPA, and also get the other person to sign off about the information and the username and passwords and make sure they are shut down totally after a certain period.

    Ultimately the Head and Governors are responsible for anything under the data protection act

  3. #3

    fiza's Avatar
    Join Date
    Dec 2008
    Location
    London
    Posts
    2,121
    Thank Post
    413
    Thanked 313 Times in 264 Posts
    Rep Power
    152
    Why do they need access to live data? Could you not set up a dummy database?
    We have done this for training purposes before.

  4. #4
    Marshall_IT's Avatar
    Join Date
    Jul 2011
    Location
    Leeds
    Posts
    473
    Thank Post
    73
    Thanked 57 Times in 48 Posts
    Blog Entries
    1
    Rep Power
    17
    Thanks guys, I don't think a dummy database will do as this training is to be tailored to our exact requirements.

    What i'm thinking of doing is getting the person to sign our AUP for remote access and asking for their eCRB.
    Oh and obviously getting it signed off by the head.

  5. #5
    Marci's Avatar
    Join Date
    Jun 2008
    Location
    Wakefield, West Yorkshire
    Posts
    893
    Thank Post
    84
    Thanked 235 Times in 194 Posts
    Rep Power
    82
    You MUST notify your Data Protections Officer. If they deem it a no-no then that's it, end of story. You're exposing sensitive private data to someone outside of the bounds of control of your company / school. If you do so without formally getting approval of your DPO, then your job is on the line for neglect of duty. A written contract will be required stating explicitly how they may use the data. Whoever it is that you're granting access to must also be registered with the ICO as a Data Controller.
    Last edited by Marci; 14th June 2013 at 01:17 PM.

  6. #6
    rpwillis's Avatar
    Join Date
    Aug 2007
    Location
    SalamanderSoft Ltd
    Posts
    177
    Thank Post
    43
    Thanked 61 Times in 49 Posts
    Rep Power
    26
    Quote Originally Posted by Marshall_IT View Post
    What i'm thinking of doing is getting the person to sign our AUP for remote access and asking for their eCRB.
    Oh and obviously getting it signed off by the head.
    They may not have enchanced disclosure. You can only get an enhanced disclosure if you physically work with children on a weekly basis. And I think that it needs to be the same location as well. If you have access to all pupils information electronically, but don't physically work with them then you are not eligible for an enhanced disclosure.

  7. #7

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,458
    Thank Post
    646
    Thanked 1,614 Times in 1,444 Posts
    Rep Power
    419
    Quote Originally Posted by Marci View Post
    Whoever it is that you're granting access to must also be registered with the ICO as a Data Controller.
    Why?

    Ben

  8. #8
    Marci's Avatar
    Join Date
    Jun 2008
    Location
    Wakefield, West Yorkshire
    Posts
    893
    Thank Post
    84
    Thanked 235 Times in 194 Posts
    Rep Power
    82
    Hmmm... thinking about it, no he probably wouldn't as his employer (the school) would be registered already as long as the training was booked with his employer rather than him as an independant, but as far as I understand it anyone handling / processing personal data has to be registered with the ICO. eg: If he was going to perform an analysis of the data contained in the MIS in order to tweak training to suit, that would constitute processing by a 3rd party.
    Last edited by Marci; 14th June 2013 at 01:57 PM.

SHARE:
+ Post New Thread

Similar Threads

  1. Remote access for staff and students
    By ITWombat in forum How do you do....it?
    Replies: 11
    Last Post: 14th December 2009, 11:33 AM
  2. Replies: 1
    Last Post: 23rd October 2009, 08:53 AM
  3. remote access for sims
    By cjohnsonuk in forum MIS Systems
    Replies: 10
    Last Post: 27th March 2008, 12:28 AM
  4. Remote Access for Staff
    By Grommit in forum Windows
    Replies: 10
    Last Post: 16th January 2007, 09:09 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •