Skip To Main Content

Logo Image

Oneida-Herkimer-Madison BOCES logo in white on a dark blue background

Logo Title

Administrators

Quality policies, enforcement of policies, and training of employees are all critical to effectively securing information. Below are recommendations administrators should consider for their district:

Employee Training and Awareness

  • Users should be trained at the time of their hiring.

  • Training should be refreshed at least annually on laws, regulations, policies, and best practices that should be followed to protect sensitive information.
     

Access and Inventory Management

  • Methods should be clearly defined and followed for granting access to and removing access from information systems.

  • The district should maintain an accurate inventory of all information systems utilized within the district.

  • Particular attention should be paid to systems that house personally identifiable or other sensitive information.
     

Technical Security Measures

Ensure technical measures are in place to protect data, including:

  • Anti-virus software.

  • Regular software updates.

  • Internet filtering and firewalls.

  • Encryption and VPN access.
     

Data Breach Response Procedures

Districts should define procedures to efficiently respond to a data breach, including:

  • Notification: Notify all necessary parties immediately.

  • Investigation: Determine how the breach occurred.

  • Remediation: Correct any altered data.

  • Prevention: Take measures to prevent a recurrence.