Why are ICT policies necessary?
SSIS is dependent on its technology resources and the information that is accessed via those resources. Much of that information is provided by means of our data network and the Internet. While these networks, local and worldwide, offer invaluable opportunities for sharing information and for working more efficiently, they also offer potential windows and doors into the data, e-mail accounts, and other valuable and often confidential information. We all share a responsibility to operate our systems in a way that minimizes the vulnerability to our learning, teaching, and administrative work.
Additionally, we are all dependent on the proper allocation and management of those human resources that support us in the use of technology. All of the policies contained in this document have as their goal the maximizing of access to these technology resources, and the maximizing of the availability of these human resources.
Specifically, each policy addresses one or more of the following imperatives:
- The need to maximize the available technical support,
- The need to prevent compromise of SSIS’s computers and servers owing to non-authorized access or interference,
- The need to safeguard SSIS’s documents and data,
- The need to safeguard SSIS’s physical resources (computers, peripherals, printers, etc.),
- The need to ensure maximum availability of SSIS’s network and server resources, and thereby ensure maximum access to e-mail, the Web, data stored on servers, etc.
- The need to avoid exposure of the school to legal action by vendors or individuals.
In the text that follows, one or more letters will follow each policy that best identifies the end served by the particular policy. It is hoped that this explanation will make these policies somewhat easier to live with.
1. Configuration of Personal Computers
(A,B,C,E,F) see introduction
Because improper configuration of a personal computer on the SSIS network can constitute vulnerability for the School’s data and network, the ICT Department is charged with ensuring the appropriate configuration of these systems, and will make changes to the configuration of these systems when necessary to minimize these vulnerabilities.
2. Personal items and school equipment
(A,B,C,E,F) see introduction
Personal technology items (e.g. digital cameras, palm pilots, computers, scanners) are not serviced, or supported by SSIS. The school is not responsible for damage to, or repair of personal technology equipment.
SSIS purchases technology for the purpose of improving our students’ educational experience. Using technology to improve management, teacher efficiency, and staff production is vital to improving the educational environment.
It is important to remember that SSIS technology is not the property of the employee. Access to computer settings and certain computer usage is restricted to protect the school as well as the employee and to ensure the equipment operates correctly. Computer equipment, software, e-mail, and Internet access is provided by the school and will be treated as the property of the school.
3. Software Licensing Policies
(F) see introduction
Particular care must be taken to ensure the lawful use of SSIS software. Virtually all commercially developed software is copyrighted, and the school may use it only according to the terms of the license that SSIS obtains. Copying, removal or transfer of such software without authorization is prohibited. SSIS software may not be copied and used on a home computer except for school business, and then only when the license allows such use. Individuals who violate either the license or the copyright of school software are answerable to SSIS and also may be legally liable to the license issuer or copyright holder.
SSIS attempts to properly respect software licensing. In instances where it is expected that software will be utilized by a significant number of individuals at the school, the ICT Department negotiates appropriate licenses, enabling the school to allocate fiscal resources as efficiently as possible. In instances where the ICT has assumed responsibility for acquisition and allocation of licensed software, the ICT will deploy software to various individual computers and individuals as the terms of the license dictate. All software purchases and installation must be performed by the SSIS ICT Department.
4. The Role of the Individual Regarding Information and Network Security
(A,B,C,D,E) see introduction
There are many threats to the security of information and the integrity of data networks at SSIS and elsewhere, including viruses, hackers, and unauthorized persons. At SSIS, users are responsible for appropriate management of access information such as passwords. Passwords should be changed regularly, and should not be easily guessable. Ideally, they should combine letters, numbers, and special characters (!, #, %, etc., replacing the letter s with $, the letter o with the digit 0, etc. ) in a way that means something to the user, but would be difficult for others to guess. Passwords should not be written where others could discover them.
When an employee is leaving the office for the day, the desktop system should always be shut down. If the system is not shut down at the end of the day, information belonging to the school is left vulnerable to anyone who is able to access the work area.
The ICT Department does everything in its power to prevent viruses from entering the SSIS network. Measures taken include virus scanners on the desktop computers, file servers, and email servers. However, users still need to be vigilant about protecting themselves from viruses, such as downloading suspicious files and opening suspicious attachments (even if from friends or relatives!). Under no circumstances should a user ever disable a virus scanner on his workstation.
5. Privacy of Information Stored on School Equipment
(B,C,D,E) see introduction
While members of SSIS may make incidental personal use of the school’s technology resources in accordance with the guidelines set forth above, there is no expectation or right of privacy in personal information stored on SSIS facilities because systems operators, supervisors, and other SSIS officials may need to review such files in order to locate information, maintain the system, or administer this or other school policies. With respect to information stored in electronic form, members of the school should, whenever possible, observe the same rules of courtesy and privacy that they observe with respect to other forms of information storage such as paper files. Just as it ordinarily would be inappropriate for one staff member to look through the drawers of another staff member’s desk, one staff member should not look through the contents of another staff member’s computer or through the contents of any other computer for which the staff member is not authorized to have access. However, systems managers and other school officials with responsibility for an activity have the right to access the contents of computers and other electronic communications facilities used in that activity when necessary for school business.
6. Backup Procedures and Policies
(A,C,E) see introduction
Each weekday evening the Systems Administrators backup SSIS’s various administrative databases, network directories, and e-mail storage systems.
The purpose of such backups is twofold: to protect the school in the event of a catastrophic failure of one or more hardware devices, resulting in the loss of a large amount of online information; and to protect the school in the event of an inadvertent or unauthorized deletion of a specific file or database.
Please note that if a document or file was created and deleted on the same day, it will not have been backed up, and hence will not be recoverable.
6a. Backup of Email
Email is backed up to protect the community from a catastrophic failure of the storage media, i.e., a loss of the entire email storage system. The ICT Department does not restore email messages for individual users unless the ICT has reason to believe that the loss was caused by a system failure or the negligence of an ICT staff member.
6b. Network File Storage
SSIS does not maintain long term backups of data stored on network file servers. In the case of lost data or a lost document, it is important to notify the Help Desk as early as possible so that the ICT Department technicians can attempt data restoration. It is important to realize that too long a delay in notifying the Help Desk of the loss may mean that data is no longer recoverable. It is important therefore for all faculty, staff and students to do their own backup of data and documents on faculty servers.
6c. Backup of Information Stored on Local Hard Drives (classroom computers)
Information stored on the local hard drives of desktop systems throughout the school is not backed up. It is important therefore for all faculty and staff to do their own backup of data and documents on local hard drives
The school accepts no responsibility and expressly excludes liability to the fullest extent permissible by law for:
- The malfunctioning of any ICT facility or part thereof, whether hardware, software or other;
- The loss of any data or software or the failure of any security or privacy mechanism.