Skip to main content

Data Security Practices

The school system website includes its data privacy and security policies and practices which are updated as-needed, but at least on an annual basis.

Examples and Evidence

A link to the Rights and Responsibilities Handbook may be found on the Student Portal (http://ecsd-fl.schoolloop.com/students). Links to the Employee Code of Ethics and Responsible Use Guidelines for Technology for Staff may be found on the Staff Portal (http://ecsd-fl.schoolloop.com/staff). All are updated annually as part of the review of School Board Rules.

Responsible Use Guidelines for Students and Staff as referenced in compliance package:

Students - http://ecsd-fl.schoolloop.com/file/1377670194342/1289140583901/43781751370156199.pdf

Staff - http://ecsd-fl.schoolloop.com/file/1377670194342/1289140583901/1563393657036356167.pdf

 

Students Rights and Responsibilities Handbook as referenced in the compliance package:  http://ecsd-fl.schoolloop.com/file/1377670194342/1289140583901/314518105536932723.pdf

 

Employee Code of Ethics:  http://www.escambia.k12.fl.us/PDF/CODE_of_ETHICS_BOARD_APPROVED-COMPLIANCE_REVISED_07-17-07.pdf

 

Website Privacy Notice:  http://ecsd-fl.schoolloop.com/portal/privacy?d=x&return_url=1466709772040

 

Website User Agreement:  http://ecsd-fl.schoolloop.com/portal/agreement?d=x&return_url=1466709982214

 

Responsible Use Guidelines (Page 5 of 8): http://ecsd-fl.schoolloop.com/file/1377670194342/1289140583901/1563393657036356167.pdf

The school system data privacy and security procedures includes information about data retention periods for student records, data transmission technical protocols, data at-rest and methods and controls limiting access to electronic data.

Examples and Evidence

The Escambia County School District follows the State of Florida General Records Schedule GS7 For Public Schools Pre-K12 and Adult and Career Education.  The District annually (or more frequently) emails information regarding retention periods for student records. The appropriate departments have Standard Operating Procedures and review those with leaders and staff. The Protecting Privacy in Connected Learning Toolkit is also used to secure data in transit outside of the District.

Student Records Page: http://ecsd-fl.schoolloop.com/cms/page_view?d=x&piid=&vpid=1321281250177

 

Sample IT Department SOP and Guidelines for Data Access and Security:  http://ecsd-fl.schoolloop.com/file/1456828834611/1289140586545/4029998026705654340.pdf

 

Sample Email for Security Access: http://ecsd-fl.schoolloop.com/file/1456828834611/1289140586545/5530407829953979923.pdf

The school system data has enforceable policies regarding storage of data on local computers, mobile devices, storage devices and cloud file-sharing and storage services.

Examples and Evidence

The Escambia County School District follows the State of Florida Statutes and Guidelines. Guidelines regarding data storage and use are documented in standard operating procedures and District policies posted on the website. The District has a standard operating procedure for computer equipment and disposal to ensure that data stored on local computers and storage devices is appropriately destroyed. The District maintains cloud file-sharing and storage services for staff to use as additional storage. The District maintains contracts with those cloud file-sharing and storage services and includes provisions for data security in those contracts. When users leave the District, all access to cloud file-sharing and storage services is terminated (see standard operating procedure for user security). The District does not have specific policies on storage of data on personally-owned computers or mobile devices, but the Federal/State Compliance Packet, Staff Responsible Use Guidelines, and Employee Code of Ethics all require staff to maintain data security practices even on personally-owned devices.

Link to Employee Federal/State Compliance Packet:   http://ecsd-fl.schoolloop.com/file/1327738240672/1289140583901/2609815705504477454.pdf

 

Responsible Use Guidelines for Students and Staff as referenced in compliance package:

Students - http://ecsd-fl.schoolloop.com/file/1377670194342/1289140583901/43781751370156199.pdf

Staff - http://ecsd-fl.schoolloop.com/file/1377670194342/1289140583901/1563393657036356167.pdf

 

Students Rights and Responsibilities Handbook as referenced in the compliance package:  http://ecsd-fl.schoolloop.com/file/1377670194342/1289140583901/314518105536932723.pdf

 

Employee Code of Ethics:  http://www.escambia.k12.fl.us/PDF/CODE_of_ETHICS_BOARD_APPROVED-COMPLIANCE_REVISED_07-17-07.pdf

The school system utilizes a documented, role-based process when granting access rights to educators, staff, and contractors to data and technology systems.

Examples and Evidence

The Escambia County School District IT Department has Standard Operating Policies and Procedures regarding security and rights. Policies are posted online and are reviewed at least annually and updated as needed.

IT Department Security SOP:  https://docs.google.com/document/d/18bizg_V1Q_9flkyeUKHiLqZIFVEUmwUVHJAz17IhN5I/edit?usp=sharing

 

IT Application Security SOP:  https://docs.google.com/document/d/1Hin5v7nhcI5AmVbM_1P-u0XxwIo4tWFOuSe8jkmr8Hw/edit?usp=sharing

 

Sample IT Department SOP and Guidelines for Data Access and Security:  http://ecsd-fl.schoolloop.com/file/1456828834611/1289140586545/4029998026705654340.pdf

 

Sample Email for Security Access: http://ecsd-fl.schoolloop.com/file/1456828834611/1289140586545/5530407829953979923.pdf

The school system has a process in place to communicate data incidents to appropriate stakeholders, in accordance with state law and school system policies.

Examples and Evidence

The Escambia County School District IT Department has Standard Operating Policies and Procedures regarding incidents and data security.  These are reviewed at least annually and updated as needed.

IT Department Preparation and Recovery Plans:  https://docs.google.com/document/d/13zqVV-opkFeqeyIBrVTD2crYLpti9dp_G6qy68sI0_Y/edit?usp=sharing

 

IT Application Security SOP:  https://docs.google.com/document/d/1Hin5v7nhcI5AmVbM_1P-u0XxwIo4tWFOuSe8jkmr8Hw/edit?usp=sharing

The school system has a business continuity and disaster recovery(DR) plan which is verified and tested on an established, regular basis.

Examples and Evidence

The Escambia County School District IT Department has Standard Operating Policies and Procedures regarding disaster recovery and data security. These procedures are reviewed and updated at least annually.

IT Department Preparation and Recovery Plans:  https://docs.google.com/document/d/13zqVV-opkFeqeyIBrVTD2crYLpti9dp_G6qy68sI0_Y/edit?usp=sharing

 

IT Application Security SOP:  https://docs.google.com/document/d/1Hin5v7nhcI5AmVbM_1P-u0XxwIo4tWFOuSe8jkmr8Hw/edit?usp=sharing

 

Hurricane Preparedness Plan:  http://ecsd-fl.schoolloop.com/file/1383983226715/1383982273882/6726532450346048559.pdf

 

Hurricane Preparedness Video (updated annually): http://escambiacountysdfl.swagit.com/play/06132016-1406

The school system performs an audit of data privacy and security practices on an established, regular basis.

Examples and Evidence

The Escambia County School District conducts an annual financial audit including IT operation practices.  A full operational audit including a review of all IT processes occurs every three years.  The identity management process is used to manage security within major applications and any security overrides are reviewed on an annual basis.  Supervisors must approve any overrides prior to the additional access being granted.  Documentation is posted in Vibe of interfaces among various applications.  At least annually fields are reviewed.

Sample IT Department SOP and Guidelines for Data Access and Security:  http://ecsd-fl.schoolloop.com/file/1456828834611/1289140586545/4029998026705654340.pdf

 

Sample Email for Security Access: http://ecsd-fl.schoolloop.com/file/1456828834611/1289140586545/5530407829953979923.pdf