Embed Size (px)
Citation preview
Data Issues: Brent Heads ICT Steering Group 06-03-09
Brent Heads’ ICT Steering Group06-03-09
Data Issues
Data Issues: Brent Heads ICT Steering Group 06-03-09
Agenda
• Introduction• Some of the main questions• Part 1: Data Security
– Some issues– Securing Personal Data
• Part 2: The Connected Future– Some Issues– Data Sets
• AOB
Data Issues: Brent Heads ICT Steering Group 06-03-09
Some of the Main Questions
• Why Automated Collection?• What is collected and when?• Why is it collected by Chesterfield House?• Why is it collected by Fronter?• Why is it collected by London Grid for
Learning(Atom Wide)?• What does a school need to do to comply with
the Data Protection Act?• Why the need for regular school audits?
Data Issues: Brent Heads ICT Steering Group 06-03-09
Part 1: Data Security
Data Issues: Brent Heads ICT Steering Group 06-03-09
Some issues seen in some schools
• File servers stored in unlocked offices e.g..• Poor data backup arrangements e.g…• Subsets of data available on websites in Excel• Subsets of data taken out of school on
unencrypted USB Keys• Full data sets taken out of school on laptops not
password protected or encrypted• Remote access to school admin servers via
insecure software e.g. PCAnywhere• Inaccurate MIS data
Data Issues: Brent Heads ICT Steering Group 06-03-09
Data Security - DOs• Strictly limit access to personal data to those who need it to do their jobs.• Tailor the subset of data which users can see, to that required to do their job.• Enforce the use of strong passwords that contain both numbers & capital
letters.• Enforce regular password changes that do not allow users to reuse old
passwords.• Regularly review users & rights to ensure that these reflect job needs, that they
are current & correct.• Do ensure that remote access to the school network is limited & that
connections are encrypted.• Limit & control the personal data that is taken from the school on portable
devices (Memory sticks, PDAs, Laptops etc.)• Ensure that all personal data that is taken out of the school is in encrypted
form.• Ensure that personal & other data is regularly backed up & that a copy is
securely stored off-site wherever possible.• Ensure that all file servers that contain personal data are in a secure, normally
locked location.• Ensure that PCs that have regular access to personal data through the logged
in user are provided with a password protected screensaver
Data Issues: Brent Heads ICT Steering Group 06-03-09
Data Security – DON’Ts• Allow remote access to fileservers using products such as
PCAnywhere or Microsoft’s Remote Desktop Connection software.
• Post spreadsheets containing personal data without individual password protection on public facing web sites.
• Post children’s photos on school websites without ensuring that no personal details are present in the file name or metadata.
• Do not allow children’s photos to be downloadable from school web sites by right-clicking the image.
• Allow remote access to file servers from “Any IP Address” without strictly limiting the range ports that are opened.
Data Issues: Brent Heads ICT Steering Group 06-03-09
Data Security Audit
Where do I start?
• Carry out a regular data security audit• Are you registered with the Information Commissioners
Office – is your registration up to date?
www.ico.gov.uk
There is a wealth of information on this site• On the audit trail check the dos and don’tsIf your registration is not up to date and/or you are not doing a regular
audit, and responding to its findings, it is unlikely that you are compliant with the act
Data Issues: Brent Heads ICT Steering Group 06-03-09
LGfL Secure and Remote Access
– Secure Remote Access costs £60 pa per concurrent user.
– Secure Remote Access allows access to school networks for users who want to connect remotely from anywhere within the LGfL network or via the Internet through standard web browser clients.
– It is secure and encrypted
Data Issues: Brent Heads ICT Steering Group 06-03-09
Securestore – Secure and Remote Storage
• Secure, encrypted data storage• Automated, prescheduled and on demand
backups• A minimum 1 month backup history• Easily upgradeable storage space• Quick and simple data restoration• Uses existing broadband connection
overnight, keeping costs down• 50GB + 1 Server licence costs £450pa
Data Issues: Brent Heads ICT Steering Group 06-03-09
Part 2: The Connected Future
Data Issues: Brent Heads ICT Steering Group 06-03-09
Some Issues
• MLE Integration• SIF• Groupcall• USO • StaffMail• LondonMail
Data Issues: Brent Heads ICT Steering Group 06-03-09
Data Sharing (1)
• The Connected Future sees a number of information systems both inside & outside school sharing data.
• Data security is paramount & systems need to exchange data over an encrypted channel.
• Data elements need to be in a consistent, standard form & need to be present in Schools’ MIS e.g. MLE integration and various data sets
• Standardised data exchange protocols are required.
Data Issues: Brent Heads ICT Steering Group 06-03-09
Data Sharing (2)
• The standard defined for data exchange is SIF (Schools [now Systems] Interoperability Framework). This is an Internationally defined standard.
• SIF products are not yet available. In the interim the Authority has determined that an alternative, called Groupcall Xporter will be deployed to all schools. (See Brent circulars 2270, Nov 2006 & 3457 Jan 2009) available in the Resources area to regularly & automatically collect data.
Data Issues: Brent Heads ICT Steering Group 06-03-09
GroupCall Xporter
• Xporter a small service that runs on the school’s MIS server & is configured centrally.
• Xporter runs specified MIS reports & transfers the data securely
• Xporter collects staff and pupil data to keep USO up to date
• Xporter collects the CTF data set used by the LA• Xporter will be superseded in 2010 by SIF
Data Issues: Brent Heads ICT Steering Group 06-03-09
Resources enabled by GroupCallUnified Sign-On (USO):
• A single username and password for every relevant student and member of staff in London, granting access to all supported LGfL resources
• Second-factor authentication is available using OTP (one time password) tags for services accessing any sensitive data
StaffMail: • For Staff, Governors and Admin
• Full Exchange 2007 Functionality• Provided ‘free’ to LGfL Schools• Replacement to Synetrix @mail system
LondonMail:• Web-mail service for curriculum use. Replaces DigitalBrain service • Inbound and outbound mail filtering by MicroSoft, protects against
viruses, spam and inappropriate content• Provided ‘free’ to Brent Schools
Data Issues: Brent Heads ICT Steering Group 06-03-09
SIF* (Schools
Interoperability Framework)
Staff + Pupils
Common Transfer
File (CTF)*
Pupil Only
London MLE
(pupil)
London MLE (staff)
Pupil USO
Staff USO
First name Yes Yes Yes Yes Yes Yes Last name Yes Yes Yes Yes Yes Yes
Email address
No No No No If London Mail or
SafeMail is chosen
Yes
Username No No Created Created Created Created Password No No Created Created Created Created User type No No Yes Yes Yes Yes LA code Yes Yes Yes Yes Yes Yes DCSF School code
Yes Yes Yes Yes Yes Yes
Date of birth
Yes Yes No Yes Yes Yes
Unique pupil
number
Yes (Pupils)
Yes (Pupils)
Yes NA Yes NA
Current year group
Yes (Pupils)
Yes (Pupils)
Yes Yes Yes No
Class No No Yes Yes Yes No Gender Yes Yes No No Yes Yes
Title Yes Yes Yes Yes
*Note 1: The CTF data set also contains detail of pupil’s SATs results, their previous school, ethnicity, SEN status, free school meal status, address & attendance information.*Note 2: The SIF data set contains all that is in the CTF data set together with information on staff as well as pupils. Staff information also contains, for example, the National Insurance (NI) number, length of service and grade.
Data Issues: Brent Heads ICT Steering Group 06-03-09
Resources
• Copies of the Consultation version of the Brent Data Security Strategy are now available
