Code of Connection to Schools Networks Capita Learning Gateway Only

Part A

Code of Connection to Schools Networks – Capita Learning Gateway only

This Code of Connection is a requirement for Capita to gain access to the

………………………………………………………………………… School’s network.

(Name of the school)

• *The school’s network is managed by Suffolk County Council (SCC).
• *The school’s network is managed by: ……………………………………………………
• *The school’s network is managed directly by the school.

(*delete if not applicable)

I...... forCapita

(Name of Director or equivalent of Contractor) (Name of Contractor)

certify that the following security measures are in place and are adhered to. These are the minimum requirements for connection to the networks.

1.My organisation is abiding by the Information Security and Communication Policy (Addendum) (Part B of this document)and theschool’s Acceptable Use ofICT Policy.

2.Before using the school’s network all staff requiring access will be made aware of the Information Security and Communication Policy (Addendum) (Part B of this document)and theschool’s Acceptable Use ofICT Policy.

3.Any system connected to the school’s network is managed in accordance with the Information Security and Communication Policy (Addendum) (Part B of this document)and theschool’s Acceptable Use ofICT Policy.

4.Access to the school’s network is subject to identification and authentication controls appropriate to the type and classification of the service (for example; passwords, token-based password systems, defined authentication protocols).

5.Links to other systems/networks not covered by a Code of Connection are not permitted during an active session.

6.Where on-line access to school-attached systems is allowed, authentication and access controls are in place that meet or exceed school’s standards as defined in the Acceptable Use ofICT Policyand supporting documents.

7.Access controls are in place to ensure users are able to access only those school services for which they are authorised.

8.My organisation will not allow through-connection from any other network. This specifically includes directly connected networks and networks initiated through dial-up connections.

9.One named individual in my organisation is responsible for the security of any system or network connecting to the school’s network.

10.All relevant staff are aware of their responsibilities in relation to the school’s information security.

11.All incidents that constitute a threat to the school will be reported to the school as soon as possible and no more than two weeks after they occur.

12.My organisation has up-to-date virus protection on equipment connecting to the school’s network.

13.All files obtained through a connection to external services are checked by an up-to-date virus checking utility before being used on any system connected to the school’s network.

14.My organisation acts as a permanent host on the Internet or any web-related service, the schools MIS information is held locally at the school site and not stored on the hosted platform. MIS information is requested on demand by the hosted platform and is displayed through a URL to the end user. When a user is provisioned for SIMS Learning Gateway certain attributes of personal data are stored centrally on the platform. Depending on current product functionality this list could change and therefore Capita can provide a list of the most up to date attributes stored upon request.Further, Schools may, at their discretion, also publish files that contain personal data on their Hosted SIMS Learning Gateway sites.

Signatures

I certify that the above is a true position statement. I understand that failure to meet any part of this Code of Connection may result in disconnection.

Signature
Name
Position
Date
This signatory must carry the specific authority of the Director of Capita. / This signatory must be the nominated individual responsible for security for Capita.

Any significant changes in the status of my organisation will be communicated to the school.

I authorise Capita to connect to the school’s network.

Signature
Name
Position
For
Date
This signatory must carry the specific authority of the Head Teacher of the School. / This signatory must be a Senior Manager or Director of the School Network Supplier. (If applicable)

Part B

Information Security and Communication Policy (Addendum)

1.Outline

1.1This addendum to the Information Security Policy relates to the specific use of school’s services and the operation of the school’s connection.

1.2This organisation has the capability to provide inter-connectivity between our systems and individuals and the school’s to benefit inter-agency working and improve services. The exact arrangements for each application that will run across such a connection must be approved by the school.

1.3Access control to the networks firewall will be restricted to the System Administrator and the Security Manager.

2.Compliance

2.1This addendum must also be read with the following policies, the adherence of which is mandated by the school:

2.1.1Acceptable Use of ICT Policy (see 3. below for salient points – the School can supply their policy)

2.1.2Code of Connection to School’s Networks (Part A of this document)

2.1.3Non-disclosure agreement (Data Protection etc)

2.1.4 Procedure for electronic connection to the school’s network (Customer Specific, if applicable)

3.Acceptable Use

3.1The salient points of the Standards for acceptable use of the school’s information are reproduced below; however these are not exhaustive and it is important that the full implications are understood from the Code of Connection and the content of the policy, supporting documents listed in 2.1 above.

3.2You are responsible for ensuring that you understand the limits of your authority and that you stay within those limits. This includes acting appropriately with information to which you may gain access, either intentionally or inadvertently.

3.3You must maintain the security of the information that the school holds and produces by complying with this addendum for processing information and for using the school’s facilities.

3.4You must report any known or suspected breaches of security to the school through their security reporting procedure.

3.5If you are a manager, you must also ensure that employees and contractors working with or for you are aware of and comply with this addendum.

3.6You must not undertake any unlawful, libellous, immoral or offensive activities, including accessing, downloading, storing, creating, copying or disseminating offensive material. This includes, but is not limited to, pornographic, sexual, violent or criminal content and racist, sexist or otherwise discriminatory material.

3.7You must not use school’s facilities for commercial purposes outside of the authority or remit of the school or for personal financial gain.

3.8You must take appropriate steps to secure the equipment and information to which you have access. When your equipment or information is unattended, you must not rely on building controls such as security doors to prevent unauthorised access or use.

3.9You must not disclose in writing, speech or electronically information held by the school unless you are authorised to do so and recipients are authorised to receive it.

3.10Whilst printers, photocopiers or faxes are used for confidential or sensitive information, they must be attended by an appropriate person.

3.11Security of electronic information is achieved through the use of logins and passwords. You must log in using your own login name and a secure password known only to you.

3.11.1Your passwords must not be correctly spelled English words. They must contain a combination of 3 out of the following 4: numbers, special characters and upper and lower case letters and be at least 6 characters in length.

3.11.2You must change your password when prompted by the system.Old passwords must not be reused for twelve months.

3.11.3You must not disclose your password to anyone. You are accountable for any action taken using your login and password. If you are asked to log in to your computer and allow IT support staff to access the network, you should note the date and time that they are using your login in case of later query.

3.11.4You must not tell the system to store passwords so that it can access them without you typing them in.

3.11.5If you know or suspect that your password is no longer secure, you must change it immediately and follow the incident reporting procedure.

3.12You must not do anything that would compromise the security of the information held by the school, including:

3.12.1Installing or downloading software or computer programs without prior authorisation by your line manager and only in consultation with your ICT provider.

3.12.2Knowingly propagating any virus or other program that is harmful to normal computer operations.

Signatures

I certify that Capita will abide with this Information Security and Communication Policy (Addendum) and understand that failure to meet any part of it may result in disconnection.

Signature
Name
Position
For
Date
This signatory must carry the specific authority of the Director of Capita. / This signatory must be the nominated individual responsible for security for Capita

Any significant changes in the status of my organisation will be communicated to the school.

If there is anything in this addendum or the supporting documents that you do not understand, please discuss it with your line manager or school contact.

The completed document needs to be returned to the school at the following address:

……………………………………………………..

……………………………………………………..

……………………………………………………..

……………………………………………………..