1600 Technology Utilization
Information and information systems are necessary for the performance of almost every business activity at Union Public Schools. In the event of a serious security problem with this information or these information systems, Union Public Schools could suffer serious consequences. As a result, information security must be a critical part of the district’s business environment.
ACCESS
Each user who is granted access to a computer system or systems, data, software, technology equipment, communication devices and computer outputs is responsible for maintaining the confidentiality of that information.
RESPONSIBILITY
All users shall use district equipment and technology in accordance with federal and state statutes and district policies.
Administrators and supervisors are responsible for monitoring compliance of employees under their direction.
PERSONAL USE OF INFORMATION SYSTEMS
A. The district is not liable for any loss of an employee’s non-work related data.
B. Personal Use - All user activity is subject to logging and subsequent analysis. Users must not perform any activity while on district provided internet or on district owned devices that could damage the reputation of Union Public Schools. Unprofessional conduct could lead to disciplinary action. Incidental personal use of district information systems including the telephone is permissible as long as the usage does not interfere with job performance, does not deny other users access to the system resources, and does not incur any costs without permission by an administrator. Personal use of district information, such as a mailing list, requires the advance approval of the Superintendent or designee.
C. Testing Prohibition - Users must not test or attempt to compromise any information security mechanism unless specifically authorized to do so by the Executive Director of Technology. Unless specifically approved by the Executive Director of Technology, users must not possess or use software or other tools that are designed to compromise information security.
STEWARDSHIP FOR ALL ASSIGNED DEVICES
A. Security - It is the responsibility of the user to properly use and protect any portable computer, tablet, or other technology device. Great care and caution must be taken whenever a computer is loaned to a non-district employee for temporary access. Its screen should be password locked when turned on but not being used.
B. If a mobile device is lost, stolen, or compromised the user shall notify the IT Department and the employee’s direct supervisor or the student’s first hour teacher within the next business day. Any stolen device must be reported to the Technology Department accompanied by a completed police report.
C. Financial obligations may be issued to the student/guardian or employee if damage is determined to be the result of negligence.
D. Devices must be returned when requested. Employees must return devices prior to their last day of employment or earlier if requested. Students must return all personally assigned district devices no later than the last day of school or when requested by their school site.
E. Devices that leave district property are still subject to internet filtering/monitoring requirements the same as if the device was on district property.
F. Geolocation services may collect location data.
G. No software, configuration, or application shall be used to remotely activate any camera on a device. Webcams and other streaming cameras must only be activated by the end user manually.
H. Devices must not be left unattended in any unsecure location. This includes, but not limited to, in a car overnight, on a table in a public accessible area, or on a school bus.
I. Data Encryption: Any data stored on a mobile device or mobile storage device, should be encrypted. THIRD-PARTY ACCESS
A. Before third-party users are permitted to reach the district’s internal systems through real-time computer connections, specific approval from the employee’s administrator must be obtained. These third-parties include information providers such as outsourcing organizations, business partners, contractors and consultants working on special projects. All third-party access must be through the use of a VPN (Virtual Private Network).
B. Third-party information system vendors must initiate in-bound connection when the applicable project manager determines that they have a legitimate business need. These privileges must be enabled only for the time period required to accomplish previously defined and approved tasks. Third-party vendor access that will last longer than one day must be approved by the IT Department. Vendor activity must be monitored while connected to a Union device.
C. Unless the relevant information project manager has approved in advance, employees must not place anything other than district public information in a directory, on a server or in any other location where unknown parties could readily access it.
D. As a condition of gaining access to the district computer network, every third party must secure its own connected system in a manner consistent with district requirements. Union Public Schools must reserve the right to audit the security measures in effect on third-party-connected systems to ensure security compliance. Union Public Schools also must reserve the right to immediately terminate network connections with all third- party systems not meeting such requirements.
E. In the event of a breach or intrusion or otherwise unauthorized access to district-owned data stored on vendor equipment, vendor shall immediately notify the Executive Director of Technology to allow the proper compliant (SOX, PCI, HIPAA, FERPA) break notification process to commence.
F. No third party vendors or contractors will receive a District provided email account with the exception of substitute positions.
G. Third party vendors and contractors will be provided an Active Directory account to be able to access District provided computers as well as the wireless network where applicable. Accounts will only be active for current semester or the termination of their agreement/assignment, whichever is sooner. Principal, administrator, or building secretary must request reactivation.
INTELLECTUAL PROPERTY RIGHTS
A. Legal Ownership - With the exception of material clearly owned by third parties, Union Public Schools is the legal owner of all business information stored on or passing through its systems. Unless the Superintendent has signed a specific written agreement, all business-related information developed while a user is employed by the district is Union Public Schools’ property.
B. Software - If a system that is used to process district information has been set up by the IT Department, users can rely on the fact that all software on this system is licensed and authorized. Questions about licensing must be directed to the IT Department which maintains documentation reflecting software licenses throughout the district. Making regular backups of software for contingency planning purposes is permissible. The IT Department must remove all unauthorized software from systems that are used to process district information.
DIGITAL SIGNATURES
Digital Signatures may be used where simple electronic signatures are acceptable and authorized for use. They may be permitted or required for any record or document where a signature is required by Federal law, Oklahoma law, or by Union Public Schools’ policy unless a handwritten signature is explicitly required.
Adopted 6/10/96
Revised 12/8/97
Revised 12/14/98
Revised 1/8/01
Revised 12/8/03
Revised 12/13/04
Revised 1/16/06
Revised 2/12/07
Revised 11/10/08
Revised 11/8/10
Revised 12/12/11
Revised 12/9/13
Revised 12/14/15
Revised 11/14/16
Revised 12/10/18
Revised 12/9/19
Revised 12/14/2020
Revised 12/13/21
Revised 6/13/22
Revised 12/12/22
Revised 12/11/23