3. Technology Handbook

Acceptable Use Policy

1. Overview
1.1 The Power of Technology
2. Purpose
3. Scope and Policy Change
3.1 Scope
3.2 Consistency with other school policies
3.3 Implementation, Policy Review
4. Policy
4.1  General Use and Ownership
4.1.1 Security and Proprietary Information
4.2 Student Device
4.2.1 Excessive or Repeated Damage
4.3 Bags/Backpacks and the Computer Case
4.4 Camera/Video/Audio Recording Guidelines
4.5 Cellular phones
4.6 Other devices and Electronic Media
4.7 Lost, Stolen, or Damaged Computers and Equipment
4.7.1 Reporting Procedure
4.8 Email and Communication Activities
4.8.1 Social Media and Blogging
4.9 Unacceptable Use
5. Policy Compliance
5.1 Compliance Measurement
5.2 Exceptions
5.3 Non-Compliance
5.4 Consequences
6. Student Technology Resources
6.1 Printing and photocopying
6.2 Tech Support
7. Privacy, Liability, and Parent Responsibility
7.1 Limited Expectation of Privacy
7.2 Limitation on School Liability
7.3 Parent Responsibility
8. Related Standards, Policies and Processes
9. Definitions and Terms
10. Revision History 
11. Acceptance and Acknowledgemen

1. Overview

Academy of Holy Angels (AHA) Technology Department’s intentions for publishing a Technology Acceptable Use Policy (AUP) are not to impose restrictions that are contrary to AHA’s established culture of openness, trust and integrity or its stated educational mission, goals, or objectives. AHA Technology Department is committed to protecting AHA's students and the school from illegal or damaging actions by individuals, either knowingly or unknowingly. Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, WWW browsing and applications, and FTP, are the property of AHA. These systems are to be used for educational or business purposes in serving the interests of the students, school, and of our families, clients and customers in the course of normal operations. Please review Human Resources policies for further details. Effective security is a team effort involving the participation and support of every AHA student, employee and affiliate who deal with information and/or information systems. The use of AHA computer system and access to the Internet is a privilege, not a right. It is the responsibility of every computer user to know these guidelines, and to conduct their activities accordingly.

1.1 The Power of Technology 

Users are reminded that technology can be a powerful tool. While it can open a window to the world and act as a catalyst for human creativity, communication and 21st century skills, it can also be a distraction if not used mindfully.  Parents and students should discuss guidelines for computer and internet use at home and students should strive to use the technology at their disposal responsibly.  The Academy of Holy Angels mission includes educating students to excel intellectually and lead responsibly.  Users are encouraged to exercise self-control, practice effective time management, discern the advantages and disadvantages of multi-tasking, use caution when social networking and intentionally monitor their own temptation to use technology as a distraction.  

2. Purpose

The purpose of this policy is to detail the acceptable use of computer equipment and Technology at AHA. These rules are in place to protect the students, employees, AHA and its property. Not following this policy can, at a minimum, cause students to not be properly equipped for class or worse, possibly expose AHA to risks including virus attacks, compromise of network systems and services, and legal issues.

3. Scope and Policy change

3.1 Scope

This policy applies to the use of information, electronic and computing devices, audio-visual, portable devices and network and server  resources to conduct AHA business or interact with internal networks and business systems, whether owned or leased by AHA, the employee, or a third party. All users at AHA and its subsidiaries are responsible for exercising good judgment regarding appropriate use of information, electronic devices, and network and server resources in accordance with AHA policies, standards, and local laws and regulation. Exceptions to this policy are documented in section 5.2

This policy applies to all technology users at AHA. This policy applies to all equipment, software, or digital services or resources that are owned, leased, or provided by AHA.

3.2 Consistency with Other School Policies

Use of Academy of Holy Angel’s Technology, including computers, systems, networking, and the Internet shall be consistent with other school policies and the mission of the school, including the policies on academic honesty, respect, harassment and theft. This Technology Acceptable Use Policy also applies to internet postings done outside of AHA computer and network. We teach our students that the Internet is a public forum. As set forth in AHA's Code of Conduct, student conduct on and off campus needs to be in line with the Holy Angels code of conduct and the rules of the Minnesota State High School League. These rules apply not only to the school day, the school hours, and the school campus, they apply daily, on or off campus. Holy Angels retains the right to discipline its students according to our policies and guidelines based upon a student's own internet postings or any internet posting that demonstrates a violation of this Policy, the AHA Code of Conduct or any AHA policy or State High School League policy. We urge users to use caution and compassion in determining the messages and pictures that they post to the Internet about themselves and others.

3.3 Implementation, Policy Review

A. AHA’s Technology policies and procedures are available for review by all parents, guardians, staff and members of the AHA community.

B. Because of the rapid rate of change in technology, the administration shall conduct an annual review of the policy and recommend changes as necessary.

4. Policy

4.1 General Use and Ownership

4.1.1 Security and Proprietary Information

4.2 Student Device

 4.2.1 Excessive or repeated Major damage

The school-issued device needs to be kept in good working order and condition. While normal wear and tear is expected, any excessive or repeated major damage will be charged to the family. Negligence is not excused. Damage should be reported to the helpdesk immediately. Major damage includes but is not limited to: drops which result in a shattered screen, broken body, or  other cracked components, spills which can damage motherboard, keyboard or screen.  Families do not pay for the first incident, but will be notified via email when any major damage occurs. On the second incident, families will be notified and charged a $25 fee to their tuition account.  This resets each school year.  Fees may increase for repetitive or excessive damage.

4.3 Bags/Backpacks and the Computer Case

4.4 Camera/Video/Audio Recording Guidelines

4.5 Cellular phones

4.6   Other devices and Electronic Media 

4.7 Lost, Stolen, or Damaged Computers and Equipment

4.7.1 Reporting Procedure  

4.8 Email and Communication Activities

All AHA students and staff are issued a unique school e-mail account.  The purpose of the account is to better connect students and their teachers and to give users the necessary tools to conduct school business.  The expectation is that users will use this account for academic and business purposes. Email may also be used for communication for educational purposes.  Messages from the Main Office, the College and Career Center, and the Technology Office will be distributed through the email system during the school day. AHA will exercise its right to archive, inspect, and monitor email as it deems fit. When using school resources, such as email, to access the Internet, users must realize they represent AHA. Users should treat any electronic communications as formal communications, since they may be permanently stored at the server side, even if deleted from the user’s account/inbox or computer, and because these communications are not protected from discovery in litigation.

The following are prohibited:

4.8.1 Social Media and Blogging

4.9 Unacceptable Use

The following activities are prohibited.

Under no circumstances is an AHA technology user authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing AHA-owned resources.

The list below is by no means exhaustive, but attempts to provide a framework for activities that fall into the category of unacceptable use.

5. Policy Compliance

5.1 Compliance Measurement

AHA Technology Department will verify compliance to this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.

5.2 Exceptions

Any exception to the policy must be approved by AHA Technology Department and/or AHA Administration in advance.

5.3 Non-Compliance

Any user found to have violated this policy may be subject to disciplinary action, up to and including suspension, expulsion or termination.  Depending on the nature and degree of the violation and the number of previous violations, unacceptable use of the school Technology systems or the Internet may result in one or more of the following consequences: cancellation of use or access privileges; removal or equipment from the user’s possession; payment for damages and repairs; discipline under other appropriate school policies, including suspension, expulsion or termination.

If a user inadvertently accesses unacceptable materials or an unacceptable Internet site, the user shall immediately exit that site and disclose the action to an appropriate school official. This disclosure may serve as a defense against an allegation that the user has intentionally violated this policy

The school’s supervisory personnel have the right to curtail or terminate usage in any given situation at their discretion.

5.4 Consequences 

6. Student Technology Resources

6.1 Printing and photocopying

6.2 Tech Support

7. Privacy, Liability, and Parent Responsibility

7.1 Limited Expectation of Privacy

7.2 Limitation on School Liability

Use of AHA’s computer system and network are at the user’s own risk. The system is provided on an “as is, as available” basis. The school will not be responsible for any damage users may suffer including, but not limited to, loss, damage or unavailability of data stored on school tapes, hard drives, or servers (third party or AHA owned), or for delays, changes, or quality of service of information or materials, regardless of the cause. The school is not responsible for the accuracy or quality of any advice or information obtained through or stored in school Technology systems. The school will not be responsible for financial obligations arising through unauthorized use of the school Technology systems or the Internet.

7.3 Parent Responsibility

Outside of school, parents bear responsibility for proper guidance of Technology and Internet use as they exercise with information sources such as television, telephones, radio, movies and other possibly offensive media. If the student is accessing the school system from home or another remote location, parents are responsible for monitoring their student’s use of the AHA computers, computer system and of the Internet.

8. Related Standards, Policies and Processes

9. Definitions and Terms

Definition and specific computer security terms can be found in the SANS Glossary located at: https://www.sans.org/security-resources/glossary-of-terms/

10. Revision History

1/22/15 lj, 7/16/15 ga, 1/28/16 ga/lj, 2/1/18 ga

11. Acceptance and Acknowledgement

By signing the tuition contract and/or employment agreement, users agree to the terms of this policy.

 

 (updated 6-27-18 cd)



Cyberbullying Policy

All forms of bullying are against AHA policy. Cyberbullying is the misuse of technology that causes substantial disruption of the learning environment. It includes, but is not limited to, teasing, intimidation, defaming, threatening, or terrorizing another student, teacher, administrator, volunteer, contractor, or other employee of the school by sending or posting e-mail messages, instant messages, text messages, digital pictures or images, or Web site posting, including blogs. Misuse of technology may constitute an act of bullying regardless of whether such acts are committed on or off school property and/or with or without the use of school resources.

Consequences may include, but are not limited to: serious warning, loss of technology privileges, suspension, and even expulsion.  Cyberbullying may also result in criminal prosecution or civil action.

Substantial Disruption of the Learning Environment

Substantial Disruption of the Learning Environment as the result of cyberbullying off campus “means without limitation that any one or more of the following occur as a result of the bullying (AR Legislature, Public Act 115). 

  1. Necessary cessation of instruction or educational activities;
  2. Inability of students or educational staff to focus on learning or function as an education unit because of hostile environment;
  3. Severe or repetitive disciplinary measures are needed in the classroom or during education al activities; or
  4. Exhibition of other behavior by students or educational staff that substantially interfere with the learning environment.

Examples of cyberbullying

Cyberbullying can take many different forms. These are some examples:

Any form of Cyberbullying can be a violation of the Student Code of Conduct and disciplined accordingly. See the Disciplinary Action Options section in the Discipline and Codes of Conduct area of the Student Policy Handbook.

(Adopted 1/26/09 ; updated mn 6/14/11, updated 12/17/19 ga)



Internet Safety Policy

The Academy of Holy Angels’ (hereinafter “school”) Internet Safety Policy represents a good faith effort to promote the safe, ethical, responsible, and legal use of the Internet, support the effective use of the Internet for educational purposes, protect students against potential dangers in their use of the Internet, and ensure accountability.

It is the policy of the School to:

  1. Prevent access by minors to inappropriate matter on the Internet;
  2. Ensure the safety and security of minors when using electronic mail, chat rooms and other forms of direct electronic communications;
  3. Prevent the unauthorized access, including so-called “hacking,” and other unlawful activities by minors online;
  4. Prevent the unauthorized disclosure, use, and dissemination of personal information regarding minors; 
  5. Implement measures restricting minors’ access to materials harmful to them; and
  6. Comply with the Children’s Internet Protection Act [Pub. L. No. 106-554 and 47 USC 254(h)].

Inappropriate Material

To the extent practical, technology protection measures (or “Internet filters”) shall be used to block or filter Internet, or other forms of electronic communications, access to inappropriate information.

Specifically, as required by the Children’s Internet Protection Act, blocking shall be applied to visual depictions of material deemed obscene or child pornography, or to any material deemed harmful to minors.

Subject to staff supervision, technology protection measures may be disabled for adults or, in the case of minors, minimized only for bona fide research or other lawful purposes. 

Inappropriate Network Usage

To the extent practical, steps shall be taken to promote the safety and security of users of the School’s online computer network when using electronic mail, chat rooms, instant messaging, and other forms of direct electronic communications.

Specifically, as required by the Children’s Internet Protection Act, prevention of inappropriate network usage includes: (a) unauthorized access, including so-called ‘hacking,’ and other unlawful activities; and (b) unauthorized disclosure, use, and dissemination of personal identification information regarding minors.

Education, Supervision and Monitoring

It shall be the responsibility of all members of the School staff to educate, supervise and monitor appropriate usage of the online computer network and access to the Internet in accordance with this policy, the Children’s Internet Protection Act, the Neighborhood Children’s Internet Protection Act, and the Protecting Children in the 21st Century Act.

The School will implement the use of a Technology Protection Measure, or filter, to protect against access to visual depictions that are obscene, child pornography, and materials that are harmful to minors, as defined by the Children's Internet Protection Act. The filter may also be configured to protect against access to other material considered inappropriate for students to access.  Procedures for the disabling or otherwise modifying any technology protection measures shall be the responsibility of Director of Technology or designated representatives.

The Director of Technology or designated representatives will provide training for ALL students who use the School’s Internet facilities. The training provided will be designed to promote the School’s commitment to:

a. The standards and acceptable use of Internet services;

b. Student safety with regard to:

  1. Safety on the Internet;
  2. Appropriate behavior while on online, on social networking Web sites, and in chat rooms; and
  3. Cyberbullying awareness and response; 

c.     Age appropriate materials will be made available for use across grade levels;

d.    Training on online safety issues and materials implementation will be made available for administration, staff and parent; and      

e.     Compliance with the E-rate requirements of the Children’s Internet Protection Act (“CIPA”). 

The School will implement procedures to supervise and monitor student use of the Internet through staff supervision and technical monitoring. Student use of the network will be supervised by staff in a manner that is appropriate to the age of the students and circumstances of use.

Record Retention

School will retain Internet Safety Policy documentation — including both the Policy itself and the adoption records — for a period of five years after the end of the funding year that relied on that Policy.

Although five years is the standard record retention rule, the FCC notes that this may mean the retention of Policy documentation for far longer than five years.  If, for example, a Policy adopted in 2005 was used as the basis for a Form 486 certification for 2011-2012, the documentation must be retained until at least June 30, 2017.  Special dispensation on record retention is provided for applicants who had adopted their policies prior to August 2004, the date the FCC initially established the five-year retention rule.

Adoption

CIPA Requires a local public notice and a hearing or meeting to address any newly adopted Internet safety policies pursuant to CIPA. This requirement only applies to an entity that has no previous Internet Safety Policy or did not provide public notice and a hearing or meeting when it adopted its Internet Safety Policy.

This Internet Safety Policy was adopted by the Board of Directors at a public meeting, following normal public notice, on February, 28, 2015


CIPA glossary of terms:

Child Pornography: Any visual depiction, including any photograph, film, video, picture, or computer or computer-generated image or picture, whether made or produced by electronic, mechanical, or other means, of sexually explicit conduct, where— the production of such visual depiction involves the use of a minor engaging in sexually explicit conduct; such visual depiction is a digital image, computer image, or computer-generated image that is, or is indistinguishable from, that of a minor engaging in sexually explicit conduct; or such visual depiction has been created, adapted, or modified to appear that an identifiable minor is engaging in sexually explicit conduct.

Harmful To Minors: Any picture, image, graphic image file, or other visual depiction that: 1. Taken as a whole and with respect to minors, appeals to a prurient interest in nudity, sex, or excretion; 2. Depicts, describes, or represents, in a patently offensive way with respect to what is suitable for minors, an actual or simulated sexual act or sexual contact, actual or simulated normal or perverted sexual acts, or a lewd exhibition of the genitals; and 3. Taken as a whole, lacks serious literary, artistic, political, or scientific value as to minors.  (Secs. 1703(b)(2), 20 U.S.C. sec 3601(a)(5)(F) as added by CIPA sec 1711, 20 U.S.C. sec 9134(b)(f )(7)(B) as added by CIPA sec 1712(a), and 147 U.S.C. sec. 254(h)(c)(G) as added by CIPA sec. 1721(a)).

Inappropriate Matter:  A determination regarding what matter is inappropriate for minors shall be made by the school board, local educational agency, library, or other United States authority responsible for making the determination. No agency or instrumentality of the Government may, 1. Establish criteria for making such determination; 2. Review agency determination made by the certifying school, school board, local educational agency, library, or other authority; or 3. Consider the criteria employed by the certifying school, school board, educational agency, library, or other authority in the administration of subsection 47 U.S.C. § 254(h)(1)(B).

Minor:  Any individual who has not attained the age of 17 years.

Obscene: CIPA refers to existing federal law to define obscenity (18 U.S.C. Section 1460). Federal law does not define obscenity there, however. In the absence of a statutory definition, the courts will likely apply the Miller obscenity test, (Miller v. California, 413 U.S. 15, 25 [1973]), which leaves the definition of obscenity to state law.

Sexual Act: The 1. Contact between the penis and the vulva or the penis and the anus, and for purposes of this subparagraph contact involving the penis occurs upon penetration, however slight; 2. Contact between the mouth and the penis, the mouth and the vulva, or the mouth and the anus; 3. The penetration, however slight, of the anal or genital opening of another by a hand or finger or by any object, with an intent to abuse, humiliate, harass, degrade, or arouse or gratify the sexual desire of any person; or 4. The intentional touching, not through the clothing, of the genitalia of another person who has not attained the age of 16 years with an intent to abuse, humiliate, harass, degrade, or arouse or gratify the sexual desire of any person;

Sexual Contact:  The intentional touching, either directly or through the clothing, of the genitalia, anus, groin, breast, inner thigh, or buttocks of any person with an intent to abuse, humiliate, harass, degrade, or arouse or gratify the sexual desire of any person;

Technology Protection Measures:  A specific technology that blocks or filters Internet access to visual depictions that are: 1. Obscene, 2. Child Pornography, or 3. Harmful to minors. 

 



Mobile Device Policy

Overview

This is the Academy of Holy Angels policy for all mobile computing and electronic devices.  See the Technology Handbook for other details.

Email and Cloud Services 

When you add your AHA google account to a mobile device, you are agreeing to the following:

 



Password Policy

1. Overview

Passwords are an important aspect of computer security.  A poorly chosen password may result in unauthorized access and/or exploitation of Academy of Holy Angels (AHA) resources.  All users, including students, staff, contractors and vendors with access to AHA systems, are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords. 

2. Purpose

The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change.

3. Scope

The scope of this policy includes all students and personnel who have or are responsible for an account (or any form of access that supports or requires a password) on any system that resides at any AHA facility, has access to the AHA network, or stores any nonpublic AHA information. It applies to employees, contractors, consultants, temporary and other workers at AHA, including all personnel affiliated with third parties. This guideline applies to all passwords including but not limited to user-level accounts, system-level accounts, web accounts, e-mail accounts, screen saver protection, and network logins.

4. Policy

4.1         Password Creation

4.1.1 All user-level and system-level passwords must conform to the Password Construction Guidelines in section 6.

4.1.2 Users must not use the same password for AHA accounts as for other non-AHA access (for example, personal email or social media accounts).

4.1.3 Where possible, users must not use the same password for various AHA access needs.

4.1.4 User accounts that have system-level privileges granted through group memberships or programs must have a unique password from all other accounts held by that user to access system-level privileges.

4.2         Password Change

4.2.1 All system-level passwords (for example, Administrator) should be changed at least every six months.

4.2.2 All user-level passwords (for example, email, web, desktop computer) should be changed at least every six months.

4.2.3 Password cracking or guessing may be performed on a periodic or random basis by the AHA Technology Department or its delegates. If a password is guessed or cracked during one of these scans, the user will be required to change it to be in compliance with the Password Construction Guidelines in section 6.

4.3        Password Protection

4.3.1 Passwords should not be shared with anyone. All passwords are to be treated as sensitive, Confidential AHA information.

4.3.2 Passwords must not be inserted into email messages or other forms of electronic communication without proper AHA Technology Department approved encryption.

4.3.3 Passwords must not be revealed over the phone to anyone. 

4.3.4 Do not reveal a password on questionnaires or security forms. 

4.3.5 Do not hint at the format of a password (for example, "my family name").

4.3.6 Do not share AHA passwords with anyone, including administrative assistants, secretaries, managers, co-workers while on vacation.

4.3.7 Do not store passwords in a file on a computer system or mobile devices (phone, tablet) without proper AHA Technology Department approved encryption.

4.3.8 Do not use the "Remember Password" feature of applications (for example, web browsers).

4.3.9 Any user suspecting that his/her password may have been compromised must report the incident to AHA Technology Department immediately and change all passwords.

4.4Use of Passwords and Passphrases

Passphrases are generally used for public/private key authentication. A public/private key system defines a mathematical relationship between the public key that is known by all, and the private key, that is known only to the user. Without the passphrase to "unlock" the private key, the user cannot gain access. 

Passphrases are not the same as passwords. A passphrase is a longer version of a password and is, therefore, more secure. A passphrase is typically composed of multiple words. Because of this, a passphrase is more secure against "dictionary attacks." 

A good passphrase is relatively long and contains a combination of upper and lowercase letters and numeric and punctuation characters. An example of a good passphrase: 

"The*?#>*@TrafficOnThe101Was*&#!#ThisMorning" 

All of the rules above that apply to passwords apply to passphrases.

5. Policy Compliance

5.1Compliance Measurement

AHA Technology Department will verify compliance to this policy through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner. 

5.2Exceptions

Any exception to the policy must be approved by the AHA Technology Department in advance. 

5.3Non-Compliance

AHA students, faculty, or staff found to have violated this policy may be subject to disciplinary action, up to and including termination of employment, suspension, and/or expulsion.

6. Password Construction Guidelines

These guidelines provide best practices for creating secure passwords. All passwords should meet or exceed the following strong password guidelines.

Strong passwords have the following characteristics:

Poor, or weak, passwords have the following characteristics and should not be used:

Try to create passwords that you can remember easily. One way to do this is create a password based on a song title, affirmation, or other phrase. For example, the phrase, "This May Be One Way To Remember" could become the password TmB1w2R! or another variation.

*NOTE: Do not use any examples in this policy as passwords!

7. Revision History

1/22/15 lj, 7/16/15 ga