| Policy Code | 310 |
|---|---|
| Adoption Date | November 6, 2013 |
| Amendment Date | May 26, 2026 |
| Cross Reference | Policy 101, Policy 102, Policy 311, AP-312, AP-313, AP-314, AP-320, AP-321, AP-322, AP-323, AP-325, AP-326, AP-327, AP-328, AP-505 |
| Legal Reference | Education Act, SA 2012, c E-0.3; Protection of Privacy Act, SA 2024, c P-28.5 |
Grasslands Public Schools values the ability to openly communicate ideas and share information in order to enhance student learning, maintain a positive learning environment, and promote community involvement. The Division also believes information is an important asset that should be protected according to its value to the Division and to the degree of damage that could result from its misuse, loss, or disclosure. Grasslands Public Schools shall ensure that appropriate security controls are implemented, monitored, and reviewed to protect the confidentiality, integrity, and availability of the Division's information and information systems.
GUIDELINES
Security principles
Accessibility: Grasslands Public Schools believes there is a need to balance the requirement for security of information with the ability for information to be accessed and used. The level of security applied to a given system should be commensurate with the value of the information assets the system holds.
Confidentiality: Grasslands Public Schools believes that information should be classified according to an appropriate level of confidentiality, integrity, and value and that information should be protected in a manner that is commensurate with its level of classification.
Ethics: Grasslands Public Schools believes that information systems should be used responsibly and professionally, in a manner that respects the rights, privacy, and interests of others.
Responsibility: Grasslands Public Schools believes that all individuals who use Division information systems have a responsibility to protect and ensure the security and integrity of the information to which they are given access, and to respond to incidents that compromise information security.
Adaptability: Grasslands Public Schools believes information security policies, procedures, and practices must be capable of adapting to a rapidly evolving information technology landscape and shall evolve to meet the needs and expectations of the jurisdiction.
Proportionality: Grasslands Public Schools believes information security should be appropriate and proportionate to the degree of reliance on the IT systems and to the probability and extent of potential harm.
Compliance: Grasslands Public Schools has a responsibility to comply with legal, regulatory, and contractual requirements.
Awareness: Grasslands Public Schools believes that all individuals with access to information systems share responsibility for their protection and must maintain current knowledge of security practices through ongoing training.
Classification: Grasslands Public Schools believes that information systems shall be classified according to their criticality, scope, and organizational impact. Security controls shall be proportionate to system classification.
Recoverability: Grasslands Public Schools believes information and information systems must be protected through backup and recovery mechanisms appropriate to their classification and criticality, enabling timely restoration following incidents, errors, or disasters.
PROCEDURES
User agreement
All individuals granted access to Grasslands Public Schools information systems must acknowledge their responsibilities by completing an Information and Systems Access Agreement prior to access being granted.
Ownership and monitoring
All information systems, infrastructure, and data created or stored on Grasslands Public Schools systems remain the property of Grasslands Public Schools and may be accessed, monitored, or audited at any time to ensure compliance with policy and applicable law.
Information handling
All individuals with access to Division information systems shall handle information in a manner that protects it from unauthorized viewing, access, or disclosure. Handling requirements for each classification level are defined in A.P. 313 – Data Classification.
Incident reporting
All individuals must promptly report suspected or confirmed information security incidents, breaches, or policy violations to the Technology Department.
Synthetic media and digital content
All members of the school community have a right to digital integrity and personal dignity. The creation, distribution, or use of synthetic or manipulated digital content, including AI-generated media, to deceive, harass, impersonate, or harm any individual is a serious violation of Division values.
Roles and responsibilities
Information security is a shared responsibility across the Division. The Board holds Senior Administration accountable for establishing a culture of security awareness, ensuring proportionate controls are in place, and responding effectively when incidents occur. Detailed role assignments are defined in the applicable administrative procedures.
Compliance
The Division recognizes that information security violations have unique circumstances. Violations of this policy will be evaluated based on the nature of the violation, the harm incurred, any previous violations by the individual, and mitigating factors.
Sanctions resulting from violations of this policy may include:
Verbal warning
Written warning
Removal or restriction of access rights
Dismissal
Legal action
Policy review
This policy shall be reviewed annually or following significant security incidents, organizational changes, or changes to applicable legislation.