- April 2024 Newsletter 15th April 2024
- March 2024 Newsletter 11th March 2024
- February 2024 Newsletter 8th February 2024
LPS has a password policy in place (Acceptable Use Policy) to protect the security of systems, data and community members.
There are clear management responsibilities, and the policy is communicated through induction (Induction Pack), Prospectus and Visitor Signage.
Staff and visitors require passwords to access networks and devices and receive relevant training.
All passwords are able to be recovered/reset.
There are multiple levels of authentication for all users, which includes senior leaders accessing vulnerable data, staff accessing relevant data and learners accessing safe and curriculum-related data.
Internet access is filtered for all users, where there is limited access and only relevant content for variant user levels. This is managed centrally by the local authority (City and county of Swansea) using Smoothwall.
Filtering and monitoring is managed by the local authority, in line with HWB digital standards that note “Schools with local authority contracts can check with their local authority contact to see how the monitoring of their network is being carried out.”
In addition, LPS create a log of incidents such as inappropriate web content being displayed and how we have responded to this incident (e.g. contacting the LA to block a URL etc.).
LPS has a technical security strategy, informed by an Internal Audit, which is carried out on all the devices annually.
Admin and senior leaders drive the strategy development, focusing on device and network equipment being catalogued accurately (serial numbers and device location) and that they are physically secured and managed (password protection on all devices, lockable trolleys, rooms and security in the school).
If a security incident occurs, the school always follows the local authority policy and any incidents are escalated to the appropriate agency (AssystNet).
Emails containing sensitive information are sent with encryption (Parent Reports).
All staff and governors access storage areas and emails through two factor authentication processes.
All devices used in school are on a managed service (iPads are on our inTune system).
Therefore all devices are managed to detect and limit security breaches or data loss.
LPS has a comprehensive set of data protection policies, and have appointed a data protection officer (Heather Akerman) -who has undertaken a data audit mapping exercise to understand where school data resides, its use, its lifespan, third party involvement and cloud storage.
LPS is fully GDPR compliant and all staff and community members understand their statutory obligations and rights under current UK law.
LPS have systems in place for recording subject access requests and breaches, in order for impact assessments which can be reported to ICO where relevant.
The school has appointed a data protection governor - who is responsible for overseeing policy, procedure and practise.
Evidence Links: