Page 12 - THE REGENT SCHOOL 1
P. 12
Theme 8:
Establish Balance between Strong IT Security and Increased Access to
Information and Services
Who are the main leads and what do they need to do?
The Board expects that sensitive data and information technology resources will be safeguarded, that
confidentiality will be maintained, and that access will be restricted to those individuals who require
access to carry out their job responsibilities. On the other hand, as discussed in Theme 6, data are not
readily accessible in a format that enables them to make critical decisions. This is becoming
increasingly difficult in an increasingly risky global technical environment. It is necessary to strike a
balance between security and accessibility.
Risks:
1. Governance
Due to the absence of staff IT policy, the IT department lacks formal processes for adhering to IT
policies when dealing with staff. Current processes within the organisation are inconsistent, and there
is no established mechanism for reporting and monitoring compliance.
2. Asset and Data Inventory
The school does not maintain an accurate inventory of its data and assets. Across schools,
documentation is inconsistent and fragmented. Failure to identify, authorise, and assign ownership of
critical assets jeopardises the organization's ability to secure data and respond efficiently and effectively
to information security breaches.
3. Vulnerability Network Management
Our school network is secure and is not currently vulnerable to common attacks. The IT team will
continue to manage and monitor our network's vulnerability through a formal and accountable
process.
4. User Access Management
The school lacks consistent and documented user management processes. In addition, the school has
not formally defined role-based access for some key organizational applications and there is no process
for reviewing access on a periodic basis. This lack of standardization creates an environment where
requesting and granting access to resources and data is time-consuming and cumbersome and logical
access to school IT resources is not terminated in a timely fashion after an individual’s official capacity
with the school has ended.
IT STRATEGIC FOCUS FOR 2021-2025 12