implementation of the pasi usage agreement
Post on 21-May-2015
1.682 Views
Preview:
DESCRIPTION
TRANSCRIPT
Provincial Approach to Student Information (PASI)
JTC Conference4825 Mount Royal College
Calgary, ABThursday, May 5, 2011
(2:15 – 3:15 PM; Room 75; fv)
by:
Alec Campbell, PASI Privacy Lead &John Myroon, PASI Communications Lead
Agenda• PASI current status and upcoming plans
• PASI Usage Agreement
• Boiler Plate security policy
• SIS vendor update
• Q’s & A’s
2
PASI CURRENT STATUS & PLANS
3
September 2010: Current StateSchool Authorities Ministry
PASI Shared Data Repository
Student Personal
Information
Student School
Enrolment
2 AuthoritiesReal-time PASI-enabled
400+ authorities Using PASIprep
“The right information…to the right people…at the right time!”
4
PASI & the Student Information Roadmap
PASI Phase 2
Course Mark Collection;Course Mark processing;
Ministry credentials
April 2011 – Sept 2012
Completed
Student Personal information and Student School
Enrolment collection & processing
PASIPhase 3
Course Mark extracts, Diploma exam
registration processing; Statement of marks; Transcripts; Diplomas
April 2012 – Dec 2013
Oct 2013 – Sept 2014
System Integration Projects
Extend Administrator and Student
Access interface
PASI Phase 1
5
Roadmap High Level TimelinePhase 2– Apr 2011 to Sept 2012PASI – Course mark collection, course mark processing, Ministry Credentials
Phase 3 – April 2012 to Dec 2013PASI – Course mark extracts, DER collections, statement of marks, transcripts
Apr 2011 Apr 2013Apr 2012 Apr 2014 Apr 2015
Phase 4–Oct2013 to Sep2014PASI – Student Information access
Ministry Integration – personal information, enrolment, course marks
Ministry legacy decommissioning
Final warranty
Ministry Integration Planning
PASI Program
Ministry Integration Program
6
PASI Phase 2 – Key dates for School Authorities
• April 20 – May 12 2011-Phase 2 Academic Records Requirements workshops
• November 2011 – Ministry-led course mark submission workshops
• December 2011 – Authority-led training for schools and central offices
• January 2012 – Begin course mark submission using PASIprep
7
The Road Ahead…Electronic
CUME
Action on Curriculum
Action on Inclusion
Inspiring Action
• Facilitate student placement• Support teacher lesson planning• Support student-based instruction• Support potential future interoperability to other Ministry systems
• (e.g. Children & Youth Services)
Student Personal InfoStudent School Enrolment
HS Course MarksCredentialsDiploma Exam Reg
2010 2014
….Completing the foundation to
support Education Transformation
Road to
Transformation
Drop outs
Student
Disengagement
Diverse
learning
needs
8
PASI USAGE AGREEMENT & BOILER PLATE SECURITY POLICY
9
Requirement• To meet PASI FOIP obligations, each
school authority must have a:– Signed PASI usage agreement– Reasonable security policy and procedures in
place
10
Why a Usage Agreement?• Student data now exposed beyond a
single school authority boundary via PASI core, which is the responsibility of Alberta Education
• FOIP Act requires that parties ensure the collection, use and disclosure of personal information contained in the PASI Core is properly managed and secured
11
Information Security Controls• PASI Usage Agreement has several
components:– PASI Usage Agreement body– Schedule A: Minimum Security Requirements– Security Policy Boilerplate (optional)
• School Technology Services Framework– School authority security controls assessment
tool
12
Key Requirement – Student Information Systems
• SIS functions and support for access control measures
• Ability to provide Alberta Education with SIS vendor contracts and agreements upon request
13
Key Requirement – Personal Information
• Security policies and procedures for:– Collection of personal information– Use and disclosure of personal information
• Advise Alberta Education of related breaches
14
Key Requirement – Audits
• Provide Alberta Education access to authority premise, records and computing facilities for investigation or audit purposes
• SIS creates and maintains audit trails and records to support investigations
15
Key Components - Information Security Controls
• Schedule A based on ISO/IEC 27001:2005– Approved information security policy– Confidentiality & non-disclosure agreements– Defined roles & responsibilities– Security controls include any third party delivery– Agreements established for exchange of information
with external parties– Detection, prevention and recovery controls– Access control policy
16
Key Components - Information Security Controls
• Continued:– Password security practices– Secure operating systems– Formal policy and security measure related to mobile
computing and communication facilities– Management responsibilities and procedures to
address information security incidents– Data protection and privacy reflected in polices,
procedures and contractual clauses– Compliance checks against security standards
17
PASI Usage AgreementTarget Date Activity Status
Jan 17 PASI Steering Committee review Done
Feb 22 STS focus group to review security requirements with IT
Done
May 5 JTC Review In Progress
May 8-9 Presentation to ASBOA Conference
Scheduled
May 31 Finalize PASI Usage agreement
18
School Authority To-Do’s• Review the draft PASI Usage Agreement to
understand requirements• Compare the Boilerplate security policy with your
own - Are there potential improvements you can make?
• Ensure future SIS vendor contracts provide for required audit features and access controls
Check out the “PASI Community Site”
For the draft usage agreement, getting started planning & quick reference guides and security boilerplate template
https://phoenix.edc.gov.ab.ca/login/default.asp
19
Managing Signed PUA Agreements
• Official notification of availability & need to sign• Copy of PUA will be available on Extranet• Send signed copy to ABED Info Exchange
Services (IES) - manage process• IES will: 24
Acknowledge receipt of signed PUAProvide school authority CEO with copy of
Ministry & School Authority signed PUAMaintain “registry” of signed PUAs
20
SIS VENDOR UPDATE
21
Vendor Status – Pilot
• Maplewood current plans– Make application changes for year end
processes– Plan second pilot with a new school authority
for September 2011 enrolment submission– Rollout PASI-enabled enrolments to remaining
school authority clients (Oct 2011 to Feb 2012)
22
Other SIS Vendor Activity• Pearson
– Completed high level design; starting development– Plan Conformance test for late fall 2011– Pilot enrolments starting early 2012 (Edmonton
Public, Edmonton Catholic & Peace Wapiti)
• MIG– Start design/development soon– Plan to start pilot (Lethbridge #54) early 2012
• Other Vendors– Starting integration activities– PASI receiving inquiries from new small vendors
23
School Authority To-Do • Understand your vendor’s plans and timelines• Determine your authority’s plans to become
PASI-enabled (Deadline – Aug 2013)– Consider your internal business cycle– Consider vendor product readiness
Check out the “SIS Vendor Status”
On the PASI Community Site https://phoenix.edc.gov.ab.ca/login/default.asp
24
QUESTIONS & ANSWERS
25
Questions
Please email your feedback on the PASI Usage Agreement or questions before May 26, 2011 to: PASI@gov.ab.ca
26
top related