119 - Technology Security and Privacy
Central Utah Educational Services (CUES) supports secure network systems, including security for all personally identifiable information that is stored on paper or stored digitally on CUES-maintained computers and networks. This policy supports efforts to mitigate threats that may cause harm to the districts, students, or employees in the CUES region.
CUES will ensure reasonable efforts will be made to maintain network security. Data loss can be caused by human error, hardware malfunction, natural disaster, security breach, etc., and may not be preventable.
All persons who are granted access to the CUES network and other technology resources are expected to be careful and aware of suspicious communications and unauthorized use of devices on the network. When an employee or other user becomes aware of suspicious activity, he/she is to immediately contact the network administrator with the relevant information.
This policy also covers third party vendors/contractors that contain or have access to CUES critically sensitive data. All third party entities will be required to sign the Restriction on Use of Confidential Information Agreement before accessing our systems or receiving information.
It is the policy of CUES to fully conform with all federal and state privacy and data governance laws. Including the Family Educational Rights and Privacy Act, 20 U.S. Code §1232g and 34 CFR Part 99 (hereinafter “FERPA”), the Government Records and Management Act U.C.A. §62G-2 (hereinafter “GRAMA”), U.C.A. §53A-1-1401 et seq. and Utah Administrative Code R277-487.
The board directs the CUES Director to develop procedures to support this policy. Professional development for staff regarding the importance of network security and best practices is to be included in the procedures. The procedures associated with this policy are consistent with guidelines provided by cybersecurity professionals worldwide and in accordance with Utah Education Network. The board supports the development, implementation, and ongoing improvements for a robust security system of hardware and software that is designed to protect data, users, and electronic assets.
Policy Received Board Approval on 06/20/2023