Information security
All school and corporate staff must take reasonable steps to protect personal and health information they create, handle or for which they have responsibility.
Schools must make sure that personal and health information is:
- stored securely
- protected from loss
- protected from unauthorised access, changes or sharing
- destroyed or disposed of according to department policies when no longer required.
Information and communication technology security policies
Several department policies guide how to use information and communication technology (ICT).
Information Security explains the requirements for protecting school information.
Software and Administration Systems outlines the requirements for schools before buying or renewing software contracts and when auditing existing software.
Portable Storage Device Security Policy (staff login explains how to protect portable storage devices that have sensitive or protected information.
Digital Technologies – Responsible Use policy explains how schools should help students to use technology safely and responsibly.
Procurement of ICT systems
When schools procure third-party systems, all legal obligations must be covered in the contract. For example, it should include requirements relating to privacy, data protection and records management.
For details, refer to Software and Administration Systems.
Reviewed 10 July 2025