I have been asked to gather the experiences and implementation of the storage and access of confidential documentation and information stored on school networks.
Do you have a document management system? Or you just have a network share with file permissions? Is it backed up to a separate medium? Do you even know about how to comply with the DPA?
Please let me know here as it is a subject many are watching with interest.
Admin, Staff, and Student shared folders with share-level and filesystem-level permissions on the main shares and subdirectories. Group-based appropriate permissions are reviewed as and when required.
It is backed up to tape along with the rest of the drives on the servers.
Yes we are aware of the DPA.
Our MIS system is SIMS .net and user access is granted as and when needed and with correct permissions set.
Depends on what type of informaton is in question.
Student information is held in Facility CMIS and relevant information is available to the right staff by use of the roles within CMIS. Staff also have access to selected information through Facility E-Portal. All of these systems are passworded in the normal manner, with regular password changes encouraged.
For confidential and highly priveledged information such as staff contracts, pay details etc. these are held in the Business managers and HR managers personal home folders on the network which have the security permissions set accordingly. There are also areas of the public share secured for access only by selected staff for the sharing of this type of information, although generally most of it is shared by e-mail.
For less sensitive information, we have a public share which is accessible by all staff which is used for sharing less sensitive, but still priveledged information such as staff handbooks, timetable information, IEPs etc.
All our data is backed up by a tape backup system, tapes are securely stored in a safe, and a code is required to remove a tape from the drive. A password is also required to perform a restore from the tape, which is known by me and the systems co-ordinator only, but is recorded in the safe in a sealed envelope (slight flaw, but necessary) The server room is also locked and only selected people have access to it.
We are looking at implementing a document server at some point soon to tidy up and streamline our messy document management, but teaching staff and encouraging them to use it might be a big hurdle.
Mike.
Fantastic. just the info I need. Keep it coming guys. Please also note the poll on the homepage.
Ditto.Originally Posted by maniac
All confidential info is on a networked folder with which have the security permissions set accordingly. I need three signatures to change these or give others access (Headmaster, Director of ICT and Myself). Backup (along with CMIS) is seperate from the main & encripted - No details there - sorry!
Ditto.For less sensitive information, we have a public share which is accessible by all staff which is used for sharing less sensitive, but still priveledged information such as staff handbooks, timetable information, IEPs etc.
This and other data is backed up by a tape backup system, tapes are stored in a safe. No password is needed to perform a restore from the tape, but each tape is signed in and out.
There is always one complete backup off site - Weekly
The server room is also locked and only the team, Director of ICT and the Site Manager (No Problems there) have acces to it.
Oh, and I keep an medieval axe and a chopping board in the office for the fingers of people who try to get in the Server room and touch things they have no idea about.
Another quick question is 'who decides what is confidential or not?'.
For us - Headmaster, Director of ICT, Senior Finance Officer and Myself.
Presently we use file permissions for documents or keep the data directly on the MIS and only use it when needed (and then destroyed if required). The MIS has groups allocated so that only the right staff have the right access.
Confidentiality is decided by the Data Controller (me), the Business Manager, the Head or other nominated person in the school (SENCO, Child Protection Officer, etc) based on Govt legislation or LA policy (or common sense when no guidance or laws stipulate control!)
This is proving interesting. I'm doing the introduction to this seminar, are there any open questions any of you want to raise in a public forum about questions you have about the DPA?
How does DPA and relevant guidance (see thread about flat networks) change how schools may plan, structure, deploy and maintain their networks?
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks