To ensure that information and information systems are adequately protected against damage, loss, and unauthorized use, disclosure or modification.
When information and information systems are protected, the District is better positioned to: protect the privacy of staff and students; manage risks; preserve resources; enable innovation and provide seamless and integrated educational programming.
All records created in the service of Edmonton Public Schools, regardless of form or creator, are the property of Edmonton Public Schools. Records are an asset and support the District's work in providing a quality education to each student to reach their maximum potential.
District information is data in any form (physical or digital, in transmission or stored) created or captured for the purpose of Edmonton Public Schools activities in line with the District's educational mandate and Mission, Vision and Priorities.
Information security is the protection of information from losses of:
- Confidentiality: Information must not be disclosed, purposefully or inadvertently, to anyone who does not have authority to receive it.
- Integrity: Information needs to be accurate and complete.
- Availability: Information must be available when required.
The Board is committed to a district-wide, systematic and coordinated approach to ensuring the confidentiality, integrity and availability of district information assets in order to support the District's work in providing a quality education to students in a safe and secure learning environment. The Board believes that the District's approach to information security should be consistent with international standards, should enable business and educational outcomes, and expects the following principles to guide this work:
- Accountability - The responsibilities and accountability of the District, its staff and all users of district information systems should be explicit.
- Awareness - The District, its staff and all users of district information should be aware of the need for the security of information systems and what they can do to enhance security.
- Ethics - The information systems and the security of information systems should be provided and used in such a manner that the rights and legitimate interest of others are respected.
- Multidisciplinary - Measures, practices and procedures for the security of information systems should take account of and address all relevant considerations and viewpoints.
- Proportionality - Security levels, costs, measures, practices and procedures should be appropriate and proportionate to the value of and degree of reliance on the information systems and to the severity, probability and extent of potential harm.
- Integration - Measures, practices and procedures for the security of information systems should be coordinated and integrated with other measures, practices and procedures of the organization so as to create a coherent system of security.
- Timeliness - The District should act in a timely coordinated manner to prevent and respond to breaches of security of information systems.
- Reassessment - The security of information systems should be reassessed periodically, as information systems and the requirements for their security vary over time.
- Transparency - The security of information systems should be compatible with the legitimate use and flow of data and information in an open and accountable public institution.