Account Management

00:00

welcome back to student data privacy fundamentals. This lesson covers account management.

00:07

In this video, you will learn recommendations for managing all district accounts,

00:12

specifications for employee accounts,

00:16

guidelines for local administrator access

00:19

recommendations for remote access and requirements for contractors and vendors.

00:26

Access controls are essential for data security and integrity. The district maintains a strict process for the creation and termination of district accounts. For example, all new employees accounts are authorized through an HR hiring process prior to creation.

00:44

Role based permissions are used to establish access to all systems.

00:51

Here. You will want to address how often access security audits are completed. For example, access security is audited at least annually or whenever access permission requirements are changed for a particular application or software, or when an application or software is no longer necessary.

01:11

When an employee is hired by the district, the following process ensures that each staff member has the correct access and permissions to the resource is that are required for their per position.

01:23

Notification of a new employee is sent from human resource is to the Technology Department. This notification includes position, building, assignment and start date

01:34

Onley After notification has been received from human resource is, will the technology department create user accounts?

01:41

The user is given access and permissions to the necessary resource is based on their position and building assignments.

01:49

Any exception to permissions must be approved by the district administrator responsible for the system, the data manager in the Director of technology. Such requests should use an additional access request form

02:07

when a staff members employment has ended either by termination or resignation account. Permissions are revoked in one of two ways.

02:15

In the event of termination, HR will send immediate notification via email or phone call to technology leadership, requiring the account to be disabled at once. Preventing any further access to district resource is

02:30

HR will also send a suspension of service showing the termination date

02:35

in the event of resignation. H arsons, a suspension of service to technology indicate indicating the termination date. The account is disabled at the end of business on the termination date. Preventing further access to district resource is

02:53

in the event that a user having elevated permissions to any system separates from the district. Additional measures are taken to ensure that all elevated accounts to those systems are secure

03:05

in all instances, the system account unassociated network storage of the user that has separated from the district are immediately deleted or disabled. On the termination date

03:16

here, you will want to consider how to handle local access and administrator rights for four devices. For example, full time staff will be granted local administrator permissions for the use of a specific software application on devices assigned to them.

03:34

All other staff needing this elevated permission must be approved by the I. So

03:40

quiz time. Many school districts do not provide local admin controls to any users outside the Technology department staff.

03:50

What are some pros and cons to this? Pause the video and consider this question as it will come into play. As you write your own policy and procedures,

04:02

you will need to address remote access, so consider the following examples.

04:08

Access into the district's network from outside is strictly prohibited without explicit authorization from the ice. Oh,

04:15

P I. I Confidential information and or internal information that is stored or accessed remotely shall maintain the same level of protections as information stored and accessed within the district network.

04:29

In the event that remote access is needed by a contractor vendor access must be approved by the I. So

04:35

the isil will train all database system administrators who work with vendors requiring remote access to district databases. And I so will maintain a list of trained database system administrators.

04:50

Consider the following examples in regard to contractors and vendors and address as needed. In your own policy,

04:58

access to contracts or vendors is governed through the same process outlined in school board policies.

05:04

All contractor vendor access must be approved by HR in the eye. So

05:11

all contractors doing business on district premises must also pass a background check. Unless other security measures are addressed in a vendor contract,

05:20

all contractors or vendors accessing district data will be considered on premise users.

05:27

Once the approval has been obtained, the technology department will create the account.

05:33

In today's video, we discussed recommendations for managing all district accounts, including how technology staff get notified to create new accounts.

05:43

Specifications for employee accounts, including creation for new staff and deletion for staff. Leaving the district

05:50

guidelines for local administrator access, including what staff have rights and how other staff can get approved for local admin rights

05:59

recommendations for remote access and which users should have a remote access to district networks or data

06:05

and requirements for contractors and vendors to protect a district, re sources and data.

06:11

In the next lesson, we will discuss data system roles and permissions.