implementation of the pasi usage agreement

Provincial Approach to Student Information (PASI)

JTC Conference4825 Mount Royal College

Calgary, ABThursday, May 5, 2011

(2:15 – 3:15 PM; Room 75; fv)

by:

Alec Campbell, PASI Privacy Lead &John Myroon, PASI Communications Lead

Agenda• PASI current status and upcoming plans

• PASI Usage Agreement

• Boiler Plate security policy

• SIS vendor update

• Q’s & A’s

2

PASI CURRENT STATUS & PLANS

3

September 2010: Current StateSchool Authorities Ministry

PASI Shared Data Repository

Student Personal

Information

Student School

Enrolment

2 AuthoritiesReal-time PASI-enabled

400+ authorities Using PASIprep

“The right information…to the right people…at the right time!”

4

PASI & the Student Information Roadmap

PASI Phase 2

Course Mark Collection;Course Mark processing;

Ministry credentials

April 2011 – Sept 2012

Completed

Student Personal information and Student School

Enrolment collection & processing

PASIPhase 3

Course Mark extracts, Diploma exam

registration processing; Statement of marks; Transcripts; Diplomas

April 2012 – Dec 2013

Oct 2013 – Sept 2014

System Integration Projects

Extend Administrator and Student

Access interface

PASI Phase 1

5

Roadmap High Level TimelinePhase 2– Apr 2011 to Sept 2012PASI – Course mark collection, course mark processing, Ministry Credentials

Phase 3 – April 2012 to Dec 2013PASI – Course mark extracts, DER collections, statement of marks, transcripts

Apr 2011 Apr 2013Apr 2012 Apr 2014 Apr 2015

Phase 4–Oct2013 to Sep2014PASI – Student Information access

Ministry Integration – personal information, enrolment, course marks

Ministry legacy decommissioning

Final warranty

Ministry Integration Planning

PASI Program

Ministry Integration Program

6

PASI Phase 2 – Key dates for School Authorities

• April 20 – May 12 2011-Phase 2 Academic Records Requirements workshops

• November 2011 – Ministry-led course mark submission workshops

• December 2011 – Authority-led training for schools and central offices

• January 2012 – Begin course mark submission using PASIprep

7

The Road Ahead…Electronic

CUME

Action on Curriculum

Action on Inclusion

Inspiring Action

• Facilitate student placement• Support teacher lesson planning• Support student-based instruction• Support potential future interoperability to other Ministry systems

• (e.g. Children & Youth Services)

Student Personal InfoStudent School Enrolment

HS Course MarksCredentialsDiploma Exam Reg

2010 2014

….Completing the foundation to

support Education Transformation

Road to

Transformation

Drop outs

Student

Disengagement

Diverse

learning

needs

8

PASI USAGE AGREEMENT & BOILER PLATE SECURITY POLICY

9

Requirement• To meet PASI FOIP obligations, each

school authority must have a:– Signed PASI usage agreement– Reasonable security policy and procedures in

place

10

Why a Usage Agreement?• Student data now exposed beyond a

single school authority boundary via PASI core, which is the responsibility of Alberta Education

• FOIP Act requires that parties ensure the collection, use and disclosure of personal information contained in the PASI Core is properly managed and secured

11

Information Security Controls• PASI Usage Agreement has several

components:– PASI Usage Agreement body– Schedule A: Minimum Security Requirements– Security Policy Boilerplate (optional)

• School Technology Services Framework– School authority security controls assessment

tool

12

Key Requirement – Student Information Systems

• SIS functions and support for access control measures

• Ability to provide Alberta Education with SIS vendor contracts and agreements upon request

13

Key Requirement – Personal Information

• Security policies and procedures for:– Collection of personal information– Use and disclosure of personal information

• Advise Alberta Education of related breaches

14

Key Requirement – Audits

• Provide Alberta Education access to authority premise, records and computing facilities for investigation or audit purposes

• SIS creates and maintains audit trails and records to support investigations

15

Key Components - Information Security Controls

• Schedule A based on ISO/IEC 27001:2005– Approved information security policy– Confidentiality & non-disclosure agreements– Defined roles & responsibilities– Security controls include any third party delivery– Agreements established for exchange of information

with external parties– Detection, prevention and recovery controls– Access control policy

16

Key Components - Information Security Controls

• Continued:– Password security practices– Secure operating systems– Formal policy and security measure related to mobile

computing and communication facilities– Management responsibilities and procedures to

address information security incidents– Data protection and privacy reflected in polices,

procedures and contractual clauses– Compliance checks against security standards

17

PASI Usage AgreementTarget Date Activity Status

Jan 17 PASI Steering Committee review Done

Feb 22 STS focus group to review security requirements with IT

Done

May 5 JTC Review In Progress

May 8-9 Presentation to ASBOA Conference

Scheduled

May 31 Finalize PASI Usage agreement

18

School Authority To-Do’s• Review the draft PASI Usage Agreement to

understand requirements• Compare the Boilerplate security policy with your

own - Are there potential improvements you can make?

• Ensure future SIS vendor contracts provide for required audit features and access controls

Check out the “PASI Community Site”

For the draft usage agreement, getting started planning & quick reference guides and security boilerplate template

https://phoenix.edc.gov.ab.ca/login/default.asp

19

Managing Signed PUA Agreements

• Official notification of availability & need to sign• Copy of PUA will be available on Extranet• Send signed copy to ABED Info Exchange

Services (IES) - manage process• IES will: 24

Acknowledge receipt of signed PUAProvide school authority CEO with copy of

Ministry & School Authority signed PUAMaintain “registry” of signed PUAs

20

SIS VENDOR UPDATE

21

Vendor Status – Pilot

• Maplewood current plans– Make application changes for year end

processes– Plan second pilot with a new school authority

for September 2011 enrolment submission– Rollout PASI-enabled enrolments to remaining

school authority clients (Oct 2011 to Feb 2012)

22

Other SIS Vendor Activity• Pearson

– Completed high level design; starting development– Plan Conformance test for late fall 2011– Pilot enrolments starting early 2012 (Edmonton

Public, Edmonton Catholic & Peace Wapiti)

• MIG– Start design/development soon– Plan to start pilot (Lethbridge #54) early 2012

• Other Vendors– Starting integration activities– PASI receiving inquiries from new small vendors

23

School Authority To-Do • Understand your vendor’s plans and timelines• Determine your authority’s plans to become

PASI-enabled (Deadline – Aug 2013)– Consider your internal business cycle– Consider vendor product readiness

Check out the “SIS Vendor Status”

On the PASI Community Site https://phoenix.edc.gov.ab.ca/login/default.asp

24

QUESTIONS & ANSWERS

25

Questions

Please email your feedback on the PASI Usage Agreement or questions before May 26, 2011 to: PASI@gov.ab.ca

26