Post on 09-Mar-2018
Chinook's Edge School Division No. 73 - Administrative Procedures
AP 1 - 29 Information Security Management System
Classification: General Administration
Effective Date: 2014 Jan
Sponsor/Contact: Associate Superintendent System Services
Last Reviewed: 2013
To ensure that information confidentiality and information integrity are based on recommendations contained in ISO27001 and the Government of Alberta School Technology Framework.
SCOPE
This procedure outlines information security management practices that will be employed by the Superintendent or designate and will affect all parties using the Division's information systems including, but not limited to, students, parents, employees, contractors, partner organizations, volunteers, and the Board of Education.
DEFINITIONS
Information is any information owned by or under control of Chinook's Edge School Division. This includes information that is stored, in use or at rest on the Division's information systems, as well as information in transit across the Division's digital networks. Further, it includes the entire lifecycle of information from the information's creation or acquisition to its disposal.
Information Security Management is the process of protecting information from unauthorized access or manipulation and is designed to protect information, staff, students and the Division's reputation.
ISO27001 Standard is a code of practice for information security management.
PROCEDURES
1. The Superintendent or designate shall develop and implement appropriate and practicable technology procedures which:
   a. Protect the organization's information assets from all threats both internal and external.
   b. Provide direction and support for information security.
   c. Define and designate responsibilities to all users of the Division's information systems.
   d. Foster stakeholder confidence by acting in accordance with security standards.
   e. Establish regular review of measurable security objectives at relevant functions and levels of the organization.
   f. Comply with business and legal regulatory requirements and contractual security obligations.
   g. Provide systems for protection against unauthorized access.
   h. Ensure confidentiality of data.
   i. Create mechanisms to identify and review the risk and impact of breaches in protected information versus the needs of staff and student learning.
   j. Outline the steps for reporting breaches of security.
2. The Superintendent or designate shall develop and maintain strategies based on specific risk assessments to maintain critical learning and business functions in the event of any significant disruption to critical services, system or facilities.
3. The Superintendent or designate shall ensure that all employees are made aware of the need for security to a level commensurate with their role. The Superintendent or designate shall ensure that applicable information security management procedures and guidelines will be accessible to all users and that users are made aware of changes.
4. The Superintendent or designate may access usage history and monitor use of information systems including, but not limited to, email and internet, if he or she deems those actions are necessary to carry out his or her duties outlined in this Procedure.
5. The Superintendent or designate shall assess risks to the Division's information systems and manage these risks in accordance with the Government of Alberta School Technology Framework.
6. The Superintendent or designate shall monitor all Chinook's Edge School Division employees to ensure they adhere to all legislation pertaining to information storage and processing including, but not limited to, Alberta Freedom of Information and Privacy Act (FOIP), Personal Information Protection Act (PIPA) and Alberta Human Rights Act.
7. The Superintendent or designate shall communicate all pertinent technology procedures to all parties using the Division's information systems.
8. The Superintendent or designate shall consult with all technology committees, technology advisory groups, and the Technology Services staff prior to implementing or changing Technology procedures.
REFERENCES
Alberta School Technology Framework replace with Learning and Technology Policy Framework (2004) - http://education.alberta.ca/admin/technology/standards.aspx
Alberta Freedom of Information and Privacy Act
Personal Information Protection Act
Alberta Human Rights Act
HISTORY
Approved: 2014 Jan 7