The school system computers, networks, and other technological resources are valuable assets that support the educational and administrative functions of the school system. System integrity and security is of utmost importance since employees and students depend on these systems to support teaching and learning and because they store sensitive and confidential information.
A. Network and Information Security
Technology personnel will evaluate all technology assets and apply the necessary controls to protect Wilkes County Schools’ network, data, information systems, and technological resources. Appropriate security measures will be in place to protect all information technology assets from accidental or unauthorized use, theft, modification, or destruction, and to prevent the unauthorized disclosure of restricted information. Network security measures will include an information technology system disaster recovery process. Audits of security measures must be conducted annually.
All personnel will secure and protect information technology assets that are under their control. This includes technology equipment, storage media, and physical data.
Third parties executing business on behalf of Wilkes County Schools must agree to follow Wilkes County Schools’ information security policies including, but not limited to, Technology Responsible Use Policy 3225/4312/7320, Confidentiality of Personally Identifiable Information Policy 4705/7825, Network Security Policy 6524 and any other applicable local policies and procedures along with state and federal policies and laws. Third parties may only access Wilkes County Schools’ information resources for a legitimate business need.
B. Security Awareness
The technology director or designee will provide employees with information to enhance awareness regarding technology security threats and to educate them about appropriate safeguards, network security, and information security.
C. Malware Protection
Malware detection programs and practices will be implemented throughout the school system. The school system will ensure that current software is in place to prevent the introduction or propagation of computer malware. Users must use extreme caution when downloading software, opening email attachments, or visiting links in emails or websites since they could contain viruses, Trojans, or other forms of malicious software.
D. Training for Use of Technological Resources
Users should be trained as necessary to use technological resources effectively and in a manner that maintains the security of the network infrastructure and ensures compliance with state and federal laws and regulations. Training should include information related to remote access, virus protection, the state student information and instructional improvement system applications, network and information security, and other topics deemed necessary by the superintendent or technology director. Training may be conducted as part of the technology-related professional development program (see policy 3220, Technology in the Educational Program).
E. Access to Information Technology Systems
Access to the school system’s information technology assets will be controlled and managed to ensure that only authorized individuals/devices have access.
- User ID and Password
All users of information technology systems must be properly identified and authenticated before being allowed to access these systems. The combination of a unique user identification and a valid password is the minimum requirement for granting access to information technology systems. Depending on the operating environment, information involved, and exposure risks, additional or more stringent security practices may be required as determined by the superintendent or technology director. The technology director or designee will establish password management capabilities and procedures to ensure the security of passwords.
- Student Information System
The technology director or designee will ensure that all school system computers with access to the state student information system application pursuant to State Board of Education Policy SBOP-018 adhere to relevant standards and requirements, including provisions related to user identification, password standards, and workstation security requirements. Employees must follow all standards and requirements when using any computer to access the student information system, including when using the employee’s personal computer.
- Remote Access
The superintendent and technology director may grant remote access to authorized users of the school system’s computer systems. The technology director or designee shall ensure that access is provided through secure, authenticated, and carefully managed access methods.
Legal References: G.S. 115C-523, -524; State Board of Education Policy SBOP-018
Cross References: Professional Development and Assistance (policy 1610/7800), Technology in the Educational Program (policy 3220), Technology Responsible Use (policy 3225/4312/7320), Internet Safety (policy 3226/4205), School Improvement Plan (policy 3430), Use of Equipment, Materials, and Supplies (policy 6520)
Adopted: January 10, 2022