SECURITY POLICY - CURRICULUM
|
Section A |
General |
|
Code |
Details |
|
A1 |
Name of School |
|
|
King Edward VI School, Lichfield |
|
A2 |
Name of Headteacher |
|
|
Mr A D Meikle |
|
A3 |
Name of Chairman of Governors |
|
|
Mr M Maybury |
|
A4 |
Name of Network Administrator |
|
|
Mr T M Wood |
Section B |
Application Specific |
|
B1 |
Description of Software Applications covered by the Security Policy |
|
|
Details of all Curriculum Software are in Appendix B |
|
B2 |
Description of Hardware covered by the Security Policy |
|
|
Details of all Curriculum Hardware are in Appendix A |
|
B3 |
Location of Software Master Disks and Documentation |
|
|
All Master disks are kept in the Server room or locked storerooms with restricted access by key. |
|
B4 |
Frequency of Software inventory check |
|
|
An annual review of software provision should be carried out by the ICT
Co-ordinators and Appendix B updated. |
|
B5 |
Requirements for registration under the Data Protection Act |
|
|
Appropriate initial registration and amendments have been made. |
|
B6 |
Authorised user/user group (definition and review of user access to systems and data) |
|
|
All students and staff are given access to the curriculum Network controlled by unique User ID and Password. New students and staff are allocated a unique User ID and Password when they join the school. User areas are cleaned when the User leaves the school. |
|
B7 |
Passwords and Security Protection |
|
|
Access rights to all areas of the Network are restricted through Windows NT Security. Any stand-alone systems have no password protection |
|
B8 |
Frequency of password change |
|
|
Users can change their password whenever they are logged on, or request a password change by completing a Password Change Request form available in the Library Resource
Centre. The User's ID and Password may be withdrawn for short periods following abuse of the Computer Network and/or its related systems. Serious abuses of the Computer Network and/or its related systems will be referred to senior staff, for an extended period of withdrawal of the User's ID and Password. |
|
B9 |
Requirements for back-up copies of software and data |
|
|
A complete back-up of each server is made on each weekday onto separate tapes. |
|
B10 |
Frequency of backing-up data |
|
|
A complete back-up of each server is made on each weekday onto separate tapes. The back-up is retained for seven days - until the tape is required for the following week. A separate complete backup is taken when the system is subject to a major upgrade. All tapes are kept in the locked Server room. |
|
B11 |
Physical siting of hardware on which sensitive information is displayed |
|
|
Sensitive information is not saved on curriculum hard disc machines or on the Curriculum Network. Any sensitive information is saved on floppy discs which are kept by the individual member of staff who may have created such information. |
|
B12 |
Provision for disposal of computer media containing sensitive information |
|
|
Discs are reformatted before re-use.
Back-up tapes are erased before disposal. |
|
B13 |
Protection of software and data stored on hardware or media being removed from the site |
|
|
Back-up procedures have already been mentioned above. All users have been made aware of copyright issues and that software should not be copied from the Network. Computers are only removed from site with the permission of the Network Administrator for home use or in order to effect repairs. |
|
B14 |
Provision for on-site and off-site storage of and access to back-up discs/tapes. |
|
|
All Master disks are kept in the Server room or locked storerooms with restricted (Network Manager, Network Technician, Librarian and Deputy
Headteacher) access by key. |
|
B15 |
Precautions to prevent Virus Infection |
|
|
Only disks which have been obtain from a reputable source are installed on the system. Users have been instructed that no personal software should be placed on the system. Protection against Virus Infections is ensured by the installation of:
- NORTON Anti-Virus
software on the Curriculum Network
- SOPHOS Anti-Virus
software on the Administration Network.
|
|
B16 |
Frequency of Virus Check |
|
|
- All Administration Network stations are protected by the installation of SOPHOS Intercheck which is updated monthly and as necessary, at intervals from the Internet.
- All Curriculum Network stations are protected by the installation of NORTON Anti-Virus which is updated automatically from the Internet.
|
|
B17 |
Rules for on-site and off-site hardware and software, however acquired |
|
|
Users have been instructed that all computer software and hardware must only be used for authorised purposes and that any new software may only be installed with the approval of the Network Administrator. No hardware may be removed from the site without the permission of the Network Administrator. |
|
B18 |
Insurance Cover Provision |
|
|
All computer systems are insured. |
|
B19 |
Contingency planning in case of a major systems failure. |
|
|
The school has a full, annually renewed contract with EJITU |
|
B20 |
Provision of Staff Training in computer security practices |
|
|
All ICT training for staff includes elements of computer security practices. |
Section C |
E-mail and Internet use |
|
Code |
Details |
|
C1 |
Work stations connected to E-mail and Internet |
|
|
All Network stations have E-mail capability (through MS Outlook Express) and Internet capability (through MS Internet Explorer). |
|
C2 |
Use of E-mail and Internet Services. |
|
|
Our Internet Service Provider (Research Machines PLC) includes a filter of undesirable material. Access is provided for:-
 | all staff |
| student users who have completed an "Internet Access" form which details the rules for use. |
This form needs to be countersigned by a parent/guardian for all users under 18 years of age. |
