POLICY 810 - INFORMATION SECURITY POLICY
The purpose of this policy is to authorize and direct the Superintendent to establish, implement, and maintain information security measures.
II. GENERAL STATEMENT OF POLICY
Cambridge-Isanti Schools establishes information security classifications, implements procedural and electronic security controls, and maintains records regarding assigned security authorization. Information security measures apply to Cambridge-Isanti Schools employees and all district operations. Any unauthorized access, use, transfer, or distribution of district information by any employee, student, or any other individual, may result in appropriate disciplinary action, which may include a recommendation for termination and other legal action.
Information security is managing risks to the confidentiality, integrity, and availability of information using administrative, physical, and technical controls.
In order to effectively implement this policy the Superintendent, or designee, will:
- Implement standards and procedures to effectively manage and provide necessary access to Cambridge-Isanti Schools information, while at the same time ensuring the confidentiality, integrity, and availability of the information. Insofar as this policy deals with access to Cambridge-Isanti Schools computing and network resources, all relevant provisions in the District's Acceptable Use Policy [MASBA - Policy 524] apply.
- Implement procedures to effectively and appropriately handle information breaches, including procedures to notify students and families, and notification to affected educational institutions in the case of an online service provider breach.
- Provide a structured and consistent process for employees to obtain necessary information access for conducting Cambridge-Isanti Schools operations.
- Define information classification and related safeguards.
- Provide a list of relevant considerations for system personnel responsible for purchasing or subscribing to software that will utilize and/or expose district information.
- Establish a District Information Security Officer role appointed by the Superintendent with responsibilities and authority to enforce Cambridge-Isanti Schools Information Security Policy and procedures.
- These security measures apply to information found in or converted to a digital format. (The same information may exist in paper format for which the same local policies, state laws, statutes, and federal laws would apply, but no electronic control measures are needed.)
- Security measures apply to all employees, contract workers, volunteers, and visitors of Cambridge-Isanti Schools and all information used to conduct operations of the district.
- Security measures do not address public access to information.
- Security measures apply to Cambridge-Isanti Schools information accessed from any location; internal, external, or remote.
- Security Measures apply to the transfer of any Cambridge-Isanti Schools information inside or outside the district for any purpose.
VI. GUIDING PRINCIPLES
- The Superintendent, or designee, shall determine appropriate access permissions in order to complete their duties.
- The Director of Technology will designate an individual(s) within the technology department (if applicable) to implement, monitor, and safeguard access to Cambridge-Isanti Schools information based on the restrictions and permissions determined by the information.
- Department directors will be responsible for educating all employees in their areas of responsibilities associated with electronic information security.
- Information Users granted "create" and/or "update" privileges are responsible for their actions while using these privileges. That is, all schools or other facilities are responsible for the district information they create, update, and/or delete.
- Any individual granted access to Cambridge-Isanti Schools information is responsible for the ethical use of that information. Access will be used only in accordance with the authority delegated to the individual to conduct Cambridge-Isanti Schools operations.
- It is the express responsibility of authorized users to safeguard the information they are entrusted with, ensuring compliance with all aspects of this policy and additional related Cambridge-Isanti Schools policies and/or procedures.
- These security measures apply to Cambridge-Isanti Schools information regardless of location. Users who transfer or transport Cambridge-Isanti Schools information "off-campus" for any reason must ensure that they are able to comply with all information security measures prior to transporting or transferring the information.
VII. POLICY REVIEW
This policy will be reviewed on a regularly scheduled basis.
Source: Cambridge-Isanti Schools
100 - School District
200 - School Board
300 - Administration
400 - Employees/Personnel
500 - Students
600 - Education Programs
700 - Non-Instructional Operations and Business Services
800 - Building and Sites
900 - School/Community Relations