Technologies and ICT Services in Schools

Policy

The purpose of the policy is to establish the requirement for Victorian government schools to use technologies and ICT services provided by the department.

Summary

• The department provides a suite of technologies and ICT services to schools.
• Where a school has previously adopted technology now provided by the department, schools must transition to the department technologies by the end of 2028. Refer to the ‘Department-provided technologies’ section below for further details.
• Schools must not implement the same technologies where the technology is provided by the department.
• Schools must not adopt different technologies where the department technology provides the same service.
• Where the technology is not provided by the department, schools may continue to adopt and use those technologies provided they have been assessed as meeting child safety, privacy, records management and information security requirements. Refer to the ‘Other Technologies and Services’ section in the Guidance tab for further details.
• Schools should update their ICT strategic plans to align with the objectives of this policy.

Details

The increased cyber security risk and emerging regulatory standards means it is no longer appropriate for schools to operate separate technology environments. This is because:

• cyber security incidents continue to increase in both sophistication and frequency resulting in privacy breaches and extended outages impacting curriculum delivery
• mitigating risks and responding to incidents in a diverse technology landscape is protracted and less effective
• the accelerating pace of technology adoption in schools without the necessary privacy, security and child safety assessments increases risk of harm
• Standard 9 of the Child Safe Standards requires schools and the department to maintain the safety of children in an online environment
• future compliance and reporting requirements to the Office of the Victorian Information Commissioner (OVIC) will require individual schools to report to OVIC every 2 years on their compliance with the standards of the Victorian Protective Data Security Framework (VPDSF) unless they are using department-provided technologies and ICT services (in which case the department will report to OVIC)
• by the end of 2028 schools will be required to have migrated their school-managed technologies to department-provided technologies where available. Schools will be contacted to advise of the migration process. Refer to ‘Migrating to department provided technologies’ section below for further details.

Department provided technologies and ICT services

The department provides a suite of technologies and services to schools. These technologies are regularly assessed for compliance with the child safety, privacy and security standards. Department-provided technologies include:

• high speed internet access with content filtering
• collaboration platforms including Microsoft 365, Google Workspace for Education and WebEx
• enterprise grade WiFi
• single identity for staff and students
• single email address for staff and students
• cloud-based device management solution
• server endpoint detection and response.

In response to the growing cyber security threat to schools the department is working on enhancing the suite of technologies and services to schools to include additional cyber security capabilities, which will be added to the technologies above.

Migrating to department provided technologies

By the end of 2028 schools will be required to have migrated their school-managed technologies to department-provided technologies where available.

The Securing Connected Learners (SCL) Program has been established to support schools in migrating to department-provided technologies by the end of 2028 and schools will have the opportunity to influence improvements to the technology and services the department provides.

Refer to SCL Program (staff login required) for further information.

If existing commercial agreements for equipment, services and software are due for renewal and sufficient notice is provided, the SCL Program may be able to facilitate an early transition providing a cost-avoidance opportunity for schools. Please use the Contact us page to notify the SCL Program of these arrangements.

Related policies

• CCTV in Schools – Installation and Management
• Digital Learning
• Digital Technologies – Responsible Use
• eduMail (employee email)
• eduPass – Identity and Access Management in Schools
• ICT Support for Schools
• Information Security – InfoSafe
• Privacy and Information Sharing
• Procurement – Schools
• Records Management – School Records
• School Administration Systems

Relevant legislation

• Child Wellbeing and Safety Act 2005 (Vic)
• Health Records Act 2001 (Vic)
• Ministerial Order 1359 – Implementing the Child Safe Standards – Managing the risk of child abuse in schools (PDF)
• Privacy and Data Protection Act 2014 (Vic)
• Victorian Protective Data Security Framework