All school and corporate staff must take reasonable steps to ensure that personal and health information they create, handle or have responsibility for is securely stored and protected from loss, unauthorised access, modification, disclosure or destruction.
For guidance and resources, refer to Information Security – InfoSafe.
For measures schools must take to support students to engage with digital technology in a safe and responsible way, refer to the Cybersafety and Responsible Use of Digital Technologies Policy.
Information and communication technology (ICT) security policies
Information Security (InfoSafe) Policy:
- sets out the Department’s information security requirements for schools
- provides guidance on identifying and reporting ICT security incidents
Acceptable Use Policy for ICT Resources for direction to corporate and school staff on acceptable use of ICT resources.
Edupass — Identity and Access Management in Schools Policy for direction on password security requirements.
Portable Storage Device Security provides guidance to corporate and school staff on security for portable storage devices containing sensitive or protected information.
Good records management practices are vital for keeping personal information secure.
For advice and responsibilities relating to the management, storage and disposal of records, refer to Records Management — School Records Policy.
School procurement of ICT systems
For information on the procurement procedure for schools, refer to Procurement — Schools.
When schools procure ICT applications and systems, they need to ensure compliance with a number of legislative obligations, including privacy, data protection, records management and accessibility. To support schools in doing this, the Supplier Compliance process has been established to evaluate ICT suppliers.
For information on this process, refer to Supplier Compliance .
Reviewed 07 December 2021