Work out of school
This work out of school best practice area relates to one of the largest risks encountered with personal data - the movement of physical data.
Data is at greatest risk when it moves. And within the enclosed environment of the school data is protected to a certain extent by the physical restriction of space - though information security principles still apply.
However, where within the school building those information security approaches such as data classification, clear desk, access control and others apply, once data is taken outside of the school (when no-one is watching) sensible approaches are forgotten.
However, the data still needs to be treated with respect and privacy thought of before taking work out of school, rather than later when something goes wrong.
We have had data breaches reported with students work going missing from inside cars, from driveways where it wasn't placed in the car and town centres when its custodian left it outside a shop. We ask people to look after data because we know things can go wrong.
Our fundamental principle is that if you take work home - take it home. Don't stop and leave it somewhere else along the way. Never leave it unsecured.
We have added an employee checklist into the policy and documents section and also two new e-learning modules are available under "My Courses". These are:
Data is at greatest risk when it moves. And within the enclosed environment of the school data is protected to a certain extent by the physical restriction of space - though information security principles still apply.
However, where within the school building those information security approaches such as data classification, clear desk, access control and others apply, once data is taken outside of the school (when no-one is watching) sensible approaches are forgotten.
However, the data still needs to be treated with respect and privacy thought of before taking work out of school, rather than later when something goes wrong.
We have had data breaches reported with students work going missing from inside cars, from driveways where it wasn't placed in the car and town centres when its custodian left it outside a shop. We ask people to look after data because we know things can go wrong.
Our fundamental principle is that if you take work home - take it home. Don't stop and leave it somewhere else along the way. Never leave it unsecured.
We have added an employee checklist into the policy and documents section and also two new e-learning modules are available under "My Courses". These are:
- Working at Home
- Stay Safe Online (NCSC)
- Ensure AUP/IT Policy reflects best practise advice to staff on managing risks of accessing school systems and data outside of the school network.
(See documents under "Policy Statement" tab) - If a VPN in use this is usually on a school managed device and a secure encrypted connection (this is a remote connection to the school network and generally presents a school desktop screen to work at)
- School mobile devices should be encrypted and staff aware not to copy work to the device if working in a remote desktop environment
- Make sure any printing is not to a local printer and only within the school
- Other systems are usually accessed via web browser (Office365, Google, CPOMS, Cloud MIS) These systems are generally viewed on any web-connected device unless further restrictions are in place from schools IT provider.
- Challenge: Where is the most appropriate place to view data?
- Data should only be viewed by those needing access due to role
- Absolutely no use of school systems in public places (bus, coffee shop, library) so no shared wifi
- When working at home ensure you do not share data with housemates/family
- Home (personal) devices are not encrypted generally but the member of staff should make sure they are as secure as possible
- All current security patches and service updates are applied to the operating system
- Current antivirus software is installed and up to date and regular scans of the home device are carried out
- No work files should be copied to the personal device
- Office365 and Google document/email systems allow working within the browser which is secure
- Staff should be trained to understand the systems in use. Files generally should not be emailed around and those needing to be shared should be stored in shared workspaces
- The school should ensure the same level of diligence and access control is in place for online document storage as they should have for their network drives. Providing areas for differently classified data and appropriate levels of access control. They should ensure that staff understand data classification and the working practises for the systems provided by the school.
Documentation: Working out of school
Documentation: Acceptable Use Policy
Protocol for Setting Up and Delivery of Online Teaching and Learning
These protocols aim to ensure that online lessons with pupils when working from home, are safe, secure and continue to provide high-quality education using a virtual platform.
This is guidance for s...
Read MoreHave a question about working out of school? Ask it here.