Information security

All school and corporate staff must take reasonable steps to ensure that personal and health information they create, handle or have responsibility for is securely stored and protected from loss, unauthorised access, modification, disclosure or destruction.

For guidance and resources, refer to Information Security – InfoSafe.

For measures schools must take to support students to engage with digital technology in a safe and responsible way, refer to the Cybersafety and Responsible Use of Digital Technologies Policy.

Information and communication technology (ICT) security policies

Information Security (InfoSafe) Policy:

  • sets out the Department’s information security requirements for schools
  • provides guidance on identifying and reporting ICT security incidents

Acceptable Use Policy for ICT Resources for direction to corporate and school staff on acceptable use of ICT resources.

Edupass — Identity and Access Management in Schools Policy for direction on password security requirements.

Portable Storage Device Security PolicyExternal Link provides guidance to corporate and school staff on security for portable storage devices containing sensitive or protected information.

Records management

Good records management practices are vital for keeping personal information secure.

For advice and responsibilities relating to the management, storage and disposal of records, refer to Records Management — School Records Policy.

School procurement of ICT systems

For information on the procurement procedure for schools, refer to Procurement — Schools.

When schools procure ICT applications and systems, they need to ensure compliance with a number of legislative obligations, including privacy, data protection, records management and accessibility. To support schools in doing this, the Supplier Compliance process has been established to evaluate ICT suppliers.

For information on this process, refer to Supplier Compliance ProcessExternal Link .

Guidance chapter on the Department's commitment to ensuring the information it holds is managed and shared sensitively and securely to protect staff, students and their families

Reviewed 06 March 2024

Was this page helpful?