1 - 29 / Information Security Management System (ISMS) 1 - 29 Information...Page 1 of 2 Chinook’s Edge School Division No. 73 - Administrative Procedures AP 1 – 29 Information Security Management System Classification: General ...


Post on 09-Mar-2018



    Chinook's Edge School Division No. 73 - Administrative Procedures

    AP 1 – 29 Information Security Management System

    Classification: General Administration
    Effective Date: 2014 Jan
    Sponsor/Contact: Associate Superintendent System Services
    Last Reviewed: 2013

    Exhibits: none

    PURPOSE

    To ensure information confidentiality and information integrity are based on recommendations contained in ISO27001 and the Government of Alberta School Technology Framework.

    SCOPE

    This procedure outlines information security management practices that will be employed by the Superintendent or designate and will affect all parties using the Division's information systems including, but not limited to, students, parents, employees, contractors, partner organizations, volunteers, and the Board of Education.

    DEFINITIONS

    Information is any information owned by or under control of Chinook's Edge School Division. This includes information that is stored, in use or at rest on the Division's information systems, as well as information in transit across the Division's digital networks. Further, it includes the entire lifecycle of information from the information's creation or acquisition to its disposal.

    Information Security Management is the process of protecting information from unauthorized access or manipulation and designed to protect information, staff, students and the Division's reputation.

    ISO27001 Standard is a code of practice for information security management.

    PROCEDURES

    1. The Superintendent or designate shall develop and implement appropriate and practicable technology procedures which:
       a. Protect the organization's information assets from all threats both internal and external.
       b. Provide direction and support for information security.
       c. Define and designate responsibilities to all users of the Division's information systems.
       d. Foster stakeholder confidence by acting in accordance with security standards.
       e. Establish regular review of measurable security objectives at relevant functions and levels of the organization.
       f. Comply with business and legal regulatory requirements and contractual security obligations.
       g. Provide systems for protection against unauthorized access.
       h. Ensure confidentiality of data.
       i. Create mechanisms to identify and review the risk and impact of breaches in protected information versus the needs of staff and student learning.
       j. Outline the steps for reporting breaches of security.

    2. The Superintendent or designate shall develop and maintain strategies based on specific risk assessments to maintain critical learning and business functions in the event of any significant disruption to critical services, system or facilities.


    3. The Superintendent or designate shall ensure that all employees are made aware of the need for security to a level commensurate with their role. The Superintendent or designate shall ensure that applicable information security management procedures and guidelines will be accessible to all users and that users are made aware of changes.

    4. The Superintendent or designate may access usage history and monitor use of information systems including, but not limited to, email and internet, if he or she deems those actions are necessary to carry out his or her duties outlined in this Procedure.

    5. The Superintendent or designate shall assess risks to the Division's information systems and manage these risks in accordance with the Government of Alberta School Technology Framework.

    6. The Superintendent or designate shall monitor all Chinook's Edge School Division employees to ensure they adhere to all legislation pertaining to information storage and processing including, but not limited to, Alberta Freedom of Information and Privacy Act (FOIP), Personal Information Protection Act (PIPA) and Alberta Human Rights Act.

    7. The Superintendent or designate shall communicate all pertinent technology procedures to all parties using the Division's information systems.

    8. The Superintendent or designate shall consult with all technology committees, technology advisory groups, and the Technology Services staff prior to implementing or changing Technology procedures.

    REFERENCES

    Alberta School Technology Framework replace with Learning and Technology Policy Framework (2004) - http://education.alberta.ca/admin/technology/standards.aspx
    Alberta Freedom of Information and Privacy Act
    Personal Information Protection Act
    Alberta Human Rights Act

    HISTORY

    Approved: 2014 Jan 7
