|Oregon-Davis School Corporation|
|Bylaws & Policies|
8305 - INFORMATION SECURITY
The School Corporation collects, classifies, and retains data/information from and about students, staff, vendors/contractors, and other individuals, about programs and initiatives undertaken by the school system, and about and related to the business of the Corporation. This information may be in hard copy or digital format, and may be stored in the Corporation or offsite with a third party provider.
Protecting Corporation data/information is of paramount importance. Information security requires everyoneís active participation to keep the Corporationís data/information secure. This includes School Board members, staff members/employees, students, parents, contractors/vendors, and visitors who use Corporation Technology and Information Resources.
Individuals who are granted access to data/information collected and retained by the Corporation must follow established procedures so that the information is protected and preserved. Board members, administrators, and all Corporation staff members, as well as contractors, vendors, and their employees, granted access to data/ information retained by the Corporation are required to certify annually that they shall comply with the established information security protocols pertaining to Corporation data/information. Further, all individuals granted access to Corporation Confidential Data/Information retained by the Corporation must certify annually that they will comply with the information security protocols pertaining to Confidential Data/Information. Completing the appropriate section of the Staff Technology Acceptable Use and Safety form shall provide this certification.
All Board members, staff members/employees, students, contractors/vendors, and visitors who have access to Board-owned or managed data/information must maintain the security of that data/information and the Corporation Technology Resources on which it is stored.
If an individual has any questions concerning whether this policy and/or its related administrative guidelines apply to him/her or how they apply to him/her, the individual should contact the Corporationís Technology Director or Information Technology Department/Office.
The Board authorizes the Superintendent to develop administrative guidelines that set forth the internal controls necessary to provide for the collection, classification, retention, access, and security of Corporation Data/Information. Further, the Superintendent is authorized to develop procedures that would be implemented in the event of an unauthorized release of data/information. These procedures shall comply with the Corporationís legal requirements if such a breach of personally-identifiable information occurs.
The Superintendent shall require the participation of staff members in appropriate training related to the internal controls pertaining to the data/information that they collect, to which they have access, and for which they would be responsible for the security protocols.
Third-party contractors/vendors who require access to Corporation Confidential Data/Information will be informed of relevant Board policies that govern access to and use of Corporation Information Resources, including the duty to safeguard the confidentiality of such data/information.
Failure to adhere to this Policy and its related administrative guidelines ("AGs") may put Corporation data/information at risk. Employees who violate this policy and/or the administrative guidelines promulgated consistent with this policy may have disciplinary consequences imposed, up to and including termination of employment, and/or referral to law enforcement. Students who violate this Policy and/or AGs will be referred to the Corporationís disciplinary system and/or law enforcement. Contractors/vendors who violate this Policy and/or AGs may face termination of their business relationships with and/or legal action by the Corporation. Parents and visitors who violate this Policy and/or AGs may be denied access to Corporation Technology Resources.
The Superintendent shall conduct a periodic assessment of risk related to the access to and security of the data/information retained by the Corporation, as well as the viability of the Continuity of Organizational Operations Plan developed pursuant to Policy 8300.
© Neola 2017