Skip To Main Content

Logo Image

Logo Title

Our mission is to graduate 100 percent of our students, college and career ready.

1603 Computer Security

A large portion of Union Public Schools business is conducted with district-owned computers. Protection of district- owned computers and the information handled by these systems is an essential part of doing business at Union Public Schools. All district computer users are expected to comply with this policy.

CONFIGURATION CONTROL

A.      Changes To Application Software and Hardware - Union Public Schools has a self-service portal of approved software packages that users may run on their district-owned computers. Employees must not install other software packages on district-owned computers without obtaining advance permission from the IT Department. Employees must not permit automatic software installation routines to be run on district-owned computers unless these routines have been approved by the IT Department. Unapproved software may be removed without advance notice to the involved employee.

B.      Changes To Operating System Configuration - On district-supplied computer hardware, employees must not change operating system configurations, upgrade existing operating systems or install new operating systems. If such changes are required, they must be performed by IT Department personnel except when an employee has been issued a device set up to allow that capability.

C.      Changes To Hardware - Computer equipment supplied by Union Public Schools must not be altered or added to in any way without the prior knowledge of and authorization from the IT Department.

ACCESS CONTROL

A.      Choice Of Passwords - The user-chosen passwords employed by access control software packages and the keys employed by encryption packages must be in compliance with requirements set by the IT Department.

B.      Storage Of Passwords - Employees must maintain exclusive control of their personal passwords. They must not share them with others at any time. Passwords must not be stored in readable form in batch files, automatic logon scripts, software macros, in computers without access controls or in any other locations where unauthorized persons might discover them.

C.      Teacher Computer Use - Computers assigned to teachers shall not be used by students and should never be accessed while using teacher’s credentials.

D.      USB Access - Teachers shall never insert any portable mass storage device into their computer that is not their own. This would include never downloading any files or uploading any files to a student’s portable storage device.

BACKUP

A.      Device Backup -

a.        All sensitive, valuable or critical information resident on the district computer systems must be periodically backed up. Such backup processes should be performed weekly;

b.       The end user is ultimately responsible to ensure the accuracy of the backup.

B.      Copyright Protection - Making unauthorized copies of licensed and copyrighted software, even if for “evaluation” purposes, is forbidden. Union Public Schools permits reproduction of copyrighted materials only to the extent legally considered fair use or with the permission of the author or owner. If employees have any questions about the copyright laws as they pertain to software, they should contact the IT Department. Unless they receive information to the contrary, employees must assume that software and other materials are copyrighted.

NETWORKING

A.      Modems or wireless access points are not permitted without approval from the IT Department.

B.      Downloading Sensitive Information - Sensitive district information may be downloaded from a multi-user system to a district-owned computer only if a clear business need exists, adequate controls to protect the information are currently installed on the involved district-owned computer and advance permission from the information owner has been obtained. This policy is not intended to cover electronic mail or memos, but does apply to databases, master files and other information stored on minicomputers, servers and other multi-user machines. This applies regardless of the media on which information is stored, the locations where the information is stored, the systems technology used to process the information, the people who handle it or the processes by which information is handled.

C.      Installation Of Communications Lines - Employees and vendors must not make arrangements for or actually complete the installation of voice or data lines with any carrier if they have not obtained approval from the Executive Director of Technology.

D.      Establishing Networks - Employees must not establish local-area networks, wireless networks, or modem connections to existing networks or other multi-user systems for communicating information without the specific approval of the Executive Director of Technology.

E.       Remote Desktop or Terminal Services - Remote desktop or terminal services to home or out-of-district computers must be approved by the Executive Director of Technology.

 

PHYSICAL SECURITY

A.      Lending District-Owned Technology To Others - Users must never lend a Union Public Schools district-owned computer to a non-district employee without the Superintendent’s or designee’s approval.

B.      Custodians For Equipment - The primary user of a district-owned computer is considered a Custodian for the equipment. If the equipment has been damaged, lost, stolen, borrowed or is otherwise unavailable for normal business activities, a Custodian must promptly inform his/her supervisor. With the exception of portable machines, district-owned computer equipment must not be moved or relocated without the knowledge and approval of the supervisor.

C.      Use of Personal Equipment - The Technology Department shall not provide any support for personal devices including driver installation.

D.      Positioning Display Screens - Care must be taken to position keyboards or screens so that unauthorized persons cannot readily see confidential information, employees enter passwords, encryption keys and other security-related parameters.

E.       Locking Sensitive Information - When not being used or when not in a clearly visible and attended area, computers must be locked or the user logged off.

F.       Environmental Considerations - All district-owned computers in district offices should use surge suppressors. Those district-owned computers running critical applications should use uninterruptible power systems approved by the IT Department.

MANAGEMENT

A.      Rights To Programs Developed - Without a specific written exception, all computer programs and documentation generated or provided by employees for the benefit of the district are the property of Union Public Schools. All other material developed by district employees using district-owned computers is considered the property of Union Public Schools. This material includes patents, copyrights and trademarks.

B.      Browsing - Employees must not browse through district computer systems or networks. Steps taken by employees to legitimately locate information needed to perform their job are not considered browsing. Use of the Union Public Schools intranet is not considered browsing.

C.      Tools To Compromise Systems Security - Unless specifically authorized by the Executive Director of Technology, district employees must not acquire, possess, trade or use hardware or software tools that could be employed to evaluate or compromise information systems security. Examples of such tools include those that defeat software copy protection, discover secret passwords, identify security vulnerabilities or decrypt encrypted files.

D.      Reporting Problems - Users must promptly report all information security alerts, warnings and suspected vulnerabilities to the IT Department. Users must not use district systems to forward such information to other users, whether the other users are internal or external to Union Public Schools.

Adopted 12/13/04

Revised 1/16/06

Revised 2/12/07

Revised 12/10/07

Revised 1/18/10

Revised 11/8/10

Revised 12/12/11

Revised 12/10/12

Revised 12/9/13

Revised 12//14/15

Revised 12/9/19

Revised 12/14/2020

Revised 12/12/22

Revised 12/11/23