Strand 1: Passwords
Aspect 1 - Password Security
- LPS has a password policy in place (Acceptable Use Policy) to protect the security of systems, data and community members.
- There are clear management responsibilities, and the policy is communicated through induction (Induction Pack), Prospectus and Visitor Signage.
- Staff and visitors require passwords to access networks and devices and receive relevant training.
- All passwords are able to be recovered/reset.
- There are multiple levels of authentication for all users, which includes senior leaders accessing vulnerable data, staff accessing relevant data and learners accessing safe and curriculum-related data.
Strand 2: Services
Aspect 1 - Filtering and Monitoring
- Internet access is filtered for all users, where there is limited access and only relevant content for variant user levels. This is managed centrally by the local authority (City and county of Swansea) using Smoothwall.
Aspect 2 - Technical Security
- LPS has a technical security strategy, informed by an Internal Audit, which is carried out on all the devices annually.
- Admin and senior leaders drive the strategy development, focusing on device and network equipment being catalogued accurately (serial numbers and device location) and that they are physically secured and managed (password protection on all devices, lockable trolleys, rooms and security in the school).
- If a security incident occurs, the school always follows the local authority policy and any incidents are escalated to the appropriate agency (AssystNet).
Aspect 3 - Data Protection
- LPS has a comprehensive set of data protection policies, and have appointed a data protection officer (Heather Akerman) -who has undertaken a data audit mapping exercise to understand where school data resides, its use, its lifespan, third party involvement and cloud storage.
- LPS is fully GDPR compliant and all staff and community members understand their statutory obligations and rights under current UK law.
- LPS have systems in place for recording subject access requests and breaches, in order for impact assessments which can be reported to ICO where relevant.
- The school has appointed a data protection governor - who is responsible for overseeing policy, procedure and practise.