Disease Posted December 12, 2007
They want us to open up SIMS in the classroom so teachers can enter registers into SIMS in class. Now what data as a school do you allow teachers access to? Do you allow all teachers to view names, addresses and contact phone numbers?
Joanne Posted December 12, 2007
We do on CMIS. Most of the time teachers ring the parents to talk about the pupils and stuff. They need to be careful though about showing any of the data over the projector!
Domino Posted December 12, 2007
Ours can access pupil assessment and attendance records, but no personal data - only office staff can do that.
Tiger Posted December 12, 2007
In technical terms you are simply opening the SQL port to an 'insecure' area of the school. This means being open to 'man in the middle' attacks and the like, a hacker's gold mine. You need to consider if your Head or bursar would be happy with data security risks of this nature and hence infringing the Data Protection Act. Hence consider systems that do not rely on you to open the SQL port or 'Port 80' to the curriculum network and hence keep it isolated from the Admin Network.

> Domino: "ours can access pupil assessment and attendance records, but no personal data - only office staff can do that."

Yes, but for any data you need to open the SQL port to the curriculum network - right? You need to avoid a 'flat network' to comply with the BS7799 data security standard. This is how we are approaching the issue.
zag Posted December 12, 2007
We just ask the staff to request it from the school admin office and they give an immediate answer. I don't see any reason for teachers to have access to pupil information in classrooms.
Butuz Posted December 12, 2007
Our teachers just have the "Classroom Teacher" group, which means they can take registers and view pupils and staff but NOT view any details such as address / equality / race / etc.

Andrew
Bromcom_John Posted December 12, 2007
Our own registration product Winfolder allows teachers to view the pertinent student information (which will be retrieved from SIMS in a school with both systems): Home address salutation, SEN details, Medical needs etc. But it comes equipped with a facility to hide the information to prevent embarrassing (and potentially DPA breaching) scenarios with projectors etc.

It also runs the communication through a non-standard port to the Bromcom server, which is behind the firewall, and the SQL comms goes from there. That way you aren't holding the SQL ports open to attack.

As Tiger states, there is always going to be a concern with the opening of ports for the communication of said data due to the risk of malicious attack. Make sure you look very carefully at the configuration of firewalls etc. to minimise the risk.
russdev Posted December 12, 2007
> need to avoid 'flat network' to comply with BS7799 data security standard. This is how we are approaching the issue.

I'm not sure about the standard but can't see the need for two separate networks. Ws security can be maintained by the right network settings etc. We are fairly confident, apart from user error (leaving machines logged on or, worse, staff letting users use their staff login), that security can be maintained.

Also, out of interest, where in the standard does it say you must have a separate network etc.?

Russell
GrumbleDook Posted December 12, 2007
We have had the discussion about flat networks, methods of separation, etc in a different thread. This is not what the OP has asked for. Please keep the thread on topic.

We see the need for teaching staff access into SIMS for entering grades for reports, target setting with students, the ability to contact parents when required. There would be additional admin costs if all of this was passed through a member of the office staff as well as being extremely inconvenient for the teachers. We are looking at electronic registration again soon and this also requires access into SIMS.

Staff have guidelines to follow when accessing data in 'public' areas of the school (ie not in staff-only areas) including not having the laptops hooked up to the projector when accessing SIMS (freezing the image is an acceptable alternative), not allowing students to sit in front of the computer when looking at another student's details, and so on.

We do give staff access to see contact details of students, prior attainment, prior schools and their timetable. They cannot access information about other staff unless expressly permitted to, but we are looking into how granular we can make this.
Tiger Posted December 12, 2007
> GrumbleDook: "We have had the discussion about flat networks, methods of separation, etc in a different thread. This is not what the OP has asked for."

Yes, but the original question is:

> Disease: "They want us to open up sims in the classroom so teachers can enter registers into sims in class."

Some are now asking a different question on a policy issue, ie whether teachers should access such info in the first place, ie even on the admin network. What I highlighted is that to allow classroom access (assuming on curriculum network) data security is at very high risk because you can only do this if the SQL port is open to the curriculum network. With some software like SIMS you need to make a choice between opening access to the curriculum network or security. You can not have the cake and eat it. :-( And this is where 'flat network' comes in, and yes, there is a thread on this as GrumbleDook rightly points out.
russdev Posted December 12, 2007
Sorry, my fault going off topic.

Russell
dhicks Posted December 12, 2007
I don't understand why the SQL server port has to be open at all. Doesn't the SIMS client do all its communication with the database via the SIMS server? Our SIMS MSSQL database and SIMS itself are on the same machine, so SIMS could communicate with the server with some other (probably faster) method. If your MSSQL database is on a separate machine, can't you tell that machine (or database) to only accept connections from certain machines? If that facility isn't built into Windows/MSSQL, could you use a VPN system of some kind to implement it?

> They want us to open up sims in the classroom so teachers can enter
> registers into sims in class. Now what data as a school do you allow
> teachers access to, do you allow all teachers to view name address'
> and contact phone numbers?

I suppose it depends on the register system at your school. Systems I've had experience with generally involve the teacher marking pupils present or absent, then those values being sent (electronically, or on paper) to the front office who then do the contacting parents bit to chase up any unexpected absences. Teachers wouldn't need contact details in this case, just a list of expected pupils.

--
David Hicks
russdev Posted December 12, 2007
To be honest, can't see there being a big issue with staff having access to contact details of students as it is needed for their job; yes, they could get details by phoning office staff.

An example: before every change on the server, the head could say that you must consult SLT first, but that is not very practical, and the same argument applies to staff seeing student details etc.

The main thing is making sure that staff do not leave machines unlocked etc. etc.

Russell
Tiger Posted December 12, 2007
> russdev: "To be honest can't see there being big issue of staff having access to contact details of students as it is needed for their job yes could get details by phoning office staff."

Sorry Russ, I think you missed the point. The question is whether the Admin Server SIMS SQL port should be open and accessible to PCs in classrooms (ie curriculum network), hence the security risk that it carries. I say no!!!
GrumbleDook Posted December 13, 2007
This was a polite pointer to stick to the OP's question. I *will* split the thread if needed. Yes, there is a valid discussion to be had but see below.

> GrumbleDook: "We have had the discussion about flat networks, methods of separation, etc in a different thread. This is not what the OP has asked for."
>
> Yes, but the original question is:
>
> Disease: "They want us to open up sims in the classroom so teachers can enter registers into sims in class."

No ... the above is a statement, call me a pedant but the question was...

> Now what data as a school do you allow teachers access to, do you allow all teachers to view name address' and contact phone numbers?

This is still a question that is highly related to the DPA but due to different issues. (At this point everyone should dig out their copy of the data protection principles.)

If you wish to discuss port vulnerabilities and vectors of attack on 'flat networks' then do so in a separate thread.
Disease Posted December 13, 2007
As the OP I can confirm that GrumbleDook is correct. I only want to know what data you allow the teachers to see, i.e. address etc. I have a split network and require no advice on the pros and cons of split networks.

Hope that helps :)
dhicks Posted December 13, 2007
Okay, new topic started.

--
David Hicks
GrumbleDook Posted December 13, 2007
The topic has been split, as warned. Please continue the discussions in both threads ... but keep it to the relevant thread.

By order of the Management!
kxv2020 Posted December 13, 2007
Teachers do have access to Names, Addresses and Telephone Numbers of students - they would be given access to paper based information so they should be allowed it electronically.