Technology Data Security Policy
South Sanpete School District (SSSD) supports secure network systems, including security for all personally identifiable information that is stored on paper or stored digitally on SSSD-maintained computers and networks. This policy supports efforts to mitigate threats that may cause harm to the districts, students, or employees in the SSSD District.
SSSD will ensure reasonable efforts will be made to maintain network security. Data loss can be caused by human error, hardware malfunction, natural disaster, security breach, etc., and may not be preventable.
All persons who are granted access to the SSSD network and other technology resources are expected to be careful and aware of suspicious communications and unauthorized use of devices on the network. When an employee or other user becomes aware of suspicious activity, he/she is to immediately contact the network administrator with the relevant information.
This policy and procedure also covers third party vendors/contractors that contain or have access to SSSD critically sensitive data. All third-party entities will be required to sign the Restriction on Use of Confidential Information Agreement before accessing our systems or receiving information.
It is the policy of SSSD to fully conform with all federal and state privacy and data governance laws. Including the Family Educational Rights and privacy Act, 20 U.S. Code §1232g and 34 CFR Part 99 (hereinafter “FERPA”), the Government Records and Management Act U.C.A. §62G-2 (hereinafter “GRAMA”), U.C.A. §53A-1-1401 et seq. and Utah Administrative Code R277-487.
The board directs the SSSD Security Information Officer (SIO) to develop procedures to support this policy. Professional development for staff regarding the importance of network security and best practices is to be included in the procedures. The procedures associated with this policy are consistent with guidelines provided by cyber security professionals worldwide and in accordance with Utah Education Telehealth Network (UETN). The board supports the development, implementation and ongoing improvements for a robust security system of hardware and software that is designed to protect data, users, and electronic assets.