2.Brent Heads_ ICT Steering Group.ppt

Data Issues: Brent Heads ICT Steering Group 06-03-09

Brent Heads’ ICT Steering Group 06-03-09

Data Issues

Agenda

• Introduction
• Some of the main questions
• Part 1: Data Security
  – Some issues
  – Securing Personal Data
• Part 2: The Connected Future
  – Some Issues
  – Data Sets
• AOB

Some of the Main Questions

• Why Automated Collection?

• What is collected and when?

• Why is it collected by Chesterfield House?

• Why is it collected by Fronter?

• Why is it collected by London Grid for Learning (Atom Wide)?

• What does a school need to do to comply with the Data Protection Act?

• Why the need for regular school audits?

Part 1: Data Security

Some issues seen in some schools

• File servers stored in unlocked offices e.g. …
• Poor data backup arrangements e.g. …
• Subsets of data available on websites in Excel
• Subsets of data taken out of school on unencrypted USB keys
• Full data sets taken out of school on laptops not password protected or encrypted
• Remote access to school admin servers via insecure software e.g. PCAnywhere
• Inaccurate MIS data

Data Security - DOs

• Strictly limit access to personal data to those who need it to do their jobs.
• Tailor the subset of data which users can see to that required to do their job.
• Enforce the use of strong passwords that contain both numbers & capital letters.
• Enforce regular password changes that do not allow users to reuse old passwords.
• Regularly review users & rights to ensure that these reflect job needs and that they are current & correct.
• Do ensure that remote access to the school network is limited & that connections are encrypted.
• Limit & control the personal data that is taken from the school on portable devices (memory sticks, PDAs, laptops etc.).
• Ensure that all personal data that is taken out of the school is in encrypted form.
• Ensure that personal & other data is regularly backed up & that a copy is securely stored off-site wherever possible.
• Ensure that all file servers that contain personal data are in a secure, normally locked location.
• Ensure that PCs that have regular access to personal data through the logged-in user are provided with a password-protected screensaver.

Data Security – DON’Ts

• Allow remote access to file servers using products such as PCAnywhere or Microsoft’s Remote Desktop Connection software.
• Post spreadsheets containing personal data without individual password protection on public-facing web sites.
• Post children’s photos on school websites without ensuring that no personal details are present in the file name or metadata.
• Allow children’s photos to be downloadable from school web sites by right-clicking the image.
• Allow remote access to file servers from “Any IP Address” without strictly limiting the range of ports that are opened.

Data Security Audit: Where do I start?

• Carry out a regular data security audit
• Are you registered with the Information Commissioner’s Office – is your registration up to date? www.ico.gov.uk (there is a wealth of information on this site)
• On the audit trail check the dos and don’ts

If your registration is not up to date and/or you are not doing a regular audit, and responding to its findings, it is unlikely that you are compliant with the Act.

LGfL Secure and Remote Access

– Secure Remote Access costs £60 pa per concurrent user.

– Secure Remote Access allows access to school networks for users who want to connect remotely from anywhere within the LGfL network or via the Internet through standard web browser clients.

– It is secure and encrypted

Securestore – Secure and Remote Storage

• Secure, encrypted data storage
• Automated, prescheduled and on demand backups
• A minimum 1 month backup history
• Easily upgradeable storage space
• Quick and simple data restoration
• Uses existing broadband connection overnight, keeping costs down
• 50GB + 1 Server licence costs £450pa

Part 2: The Connected Future

Some Issues

• MLE Integration
• SIF
• Groupcall
• USO
• StaffMail
• LondonMail

Data Sharing (1)

• The Connected Future sees a number of information systems both inside & outside school sharing data.

• Data security is paramount & systems need to exchange data over an encrypted channel.

• Data elements need to be in a consistent, standard form & need to be present in Schools’ MIS e.g. MLE integration and various data sets.

• Standardised data exchange protocols are required.

Data Sharing (2)

• The standard defined for data exchange is SIF (Schools [now Systems] Interoperability Framework). This is an internationally defined standard.

• SIF products are not yet available. In the interim the Authority has determined that an alternative, called Groupcall Xporter, will be deployed to all schools to regularly & automatically collect data. (See Brent circulars 2270, Nov 2006 & 3457, Jan 2009, available in the Resources area.)

GroupCall Xporter

• Xporter is a small service that runs on the school’s MIS server & is configured centrally.
• Xporter runs specified MIS reports & transfers the data securely.
• Xporter collects staff and pupil data to keep USO up to date.
• Xporter collects the CTF data set used by the LA.
• Xporter will be superseded in 2010 by SIF.

Resources enabled by GroupCall

Unified Sign-On (USO):

• A single username and password for every relevant student and member of staff in London, granting access to all supported LGfL resources
• Second-factor authentication is available using OTP (one time password) tags for services accessing any sensitive data

StaffMail:

• For Staff, Governors and Admin
• Full Exchange 2007 functionality
• Provided ‘free’ to LGfL Schools
• Replacement for the Synetrix @mail system

LondonMail:

• Web-mail service for curriculum use. Replaces DigitalBrain service
• Inbound and outbound mail filtering by Microsoft protects against viruses, spam and inappropriate content
• Provided ‘free’ to Brent Schools

*Note 1: The CTF data set also contains details of pupils’ SATs results, their previous school, ethnicity, SEN status, free school meal status, address & attendance information.

*Note 2: The SIF data set contains all that is in the CTF data set together with information on staff as well as pupils. Staff information also contains, for example, the National Insurance (NI) number, length of service and grade.

Data elements: First name; Last name; Email address; Username; Password; User type; LA code; DCSF School code; Date of birth; Unique pupil number; Current year group; Class; Gender; Title

SIF* (Schools Interoperability Framework), Staff + Pupils: Yes; Yes; No; No; No; No; Yes; Yes; Yes; Yes (Pupils); Yes (Pupils); No; Yes; Yes

Common Transfer File (CTF)*, Pupil Only: Yes; Yes; No; No; No; No; Yes; Yes; Yes; Yes (Pupils); Yes (Pupils); No; Yes; Yes

London MLE (pupil): Yes; Yes; No; Created; Created; Yes; Yes; Yes; No; Yes; Yes; Yes; No

London MLE (staff): Yes; Yes; No; Created; Created; Yes; Yes; Yes; Yes; NA; Yes; Yes; No; Yes

Pupil USO: Yes; Yes; If London Mail or SafeMail is chosen; Created; Created; Yes; Yes; Yes; Yes; Yes; Yes; Yes; Yes

Staff USO: Yes; Yes; Yes; Created; Created; Yes; Yes; Yes; Yes; NA; No; No; Yes; Yes

Resources

• Copies of the Consultation version of the Brent Data Security Strategy are now available