Return to Administrative Procedures


Information Security


Other than data defined as public, all data and processing resources on the Division network are only accessible on a need-to-know basis to specifically identified, authenticated and authorized users.


Information Security

The protecting of all data, applications, networks, and computer systems from all threats whether it be unauthorized or inappropriate access, usage, alteration, disclosure or destruction either internally or externally, deliberate or accidental.


  1. The Superintendent will ensure that:
    1. Information is protected against unauthorized access;
    2. Confidentiality of information is assured;
    3. Integrity of information is maintained;
    4. Information security training is provided;
    5. A disaster recovery plan is produced, maintained and tested annually;
    6. Availability of information and information systems for business and educational needs is met;
    7. Legislative, regulatory and Division procedure requirements are met;
    8. Associated procedures, standards and guidelines are produced and updated as needed.
  2. Site Administrators/Principals are responsible for enduring implementation of the administrative procedures within their areas of responsibility, and for the adherence of staff and students.
  3. It is the responsibility of each user accessing any aspect of the Division’s information system to do everything reasonable, within their power, to ensure any/all procedures, standards or guidelines are followed.
  4. Division staff must report any breaches of information security, whether actual or suspected, to their immediate supervisor for investigation.  Supervisors shall contact the manager of technology Network Administrator, who will; report to the Superintendent of Schools.
  5. This administrative procedure applies to all Division data assets that exist in any Division applications, systems, or network environments, on any media during any part of its life cycle.  The administrative procedure applies to all systems and data whether academic, administrative or any other.  The following users are covered by this administrative procedure; full or part time employees of the Division, contactors, volunteers and visitors, any other persons, entities, or organizations that have access to Division data, applications, systems, or network environments.
  6. The Network Administrator shall be responsible for establishing, maintaining, implementing, administering, and interpreting organization-wide information systems security standards, guidelines, and procedures.  While responsibility for security of information systems on a day-to-day basis is every employee’s duty, specific guidance, direction, and authority for information systems security is centralized for all of the Division through the information technology department.
  7. The Network Administrator is further responsible for:
    1. Securing data for investigations into any alleged computer or network security compromises, incidents, or problems.  Such requests must be submitted in writing by the Superintendent or designate;
    2. Providing security guidance to school administrators, department managers and senior executives;
    3. Promoting security awareness to all users of the Division information system.
  8. The Network Administrator shall, in conjunction with senior executive, departmental managers, and internal/external audits, review this document on an annual basis.
  9. A contingent review shall be conducted if a significant loss occurs due to a risk that has not been adequately addressed by administrative procedures.


Sections 12, 60, 61, 113 School Act

Freedom of Information and Protection of Privacy Act

Canadian Charter of Rights and Freedoms

Canadian Criminal Code

Copyright Act

ATA Code of Professional Conduct

Board Policy 12 Role of the Superintendent

Revised January 2014