Brace for Impact: School Data and Disasters
School leaders take their roles as steward of student data extremely seriously. When it comes to protecting data in the midst of a disaster (natural or otherwise), what can you learn from successful districts?
Assemble Your Team
Which people need to be notified, and in what order?
Before any other planning happens, brainstorm the people who need to be notified if anything should go awry with a data center. Even something as minor as a power outage may have devastating effects.
Your team’s structure depends on the way your staff is structured. Chief technology officers and their direct reports will likely be making these types of calls, but everyone who works with student data will be interested in updates. A communication pro might help if the situation is serious enough to reach out to the community.
After your team has been identified, their next step is to gather the external contacts for your systems, service providers, and utility companies. Finally, identify any community members who need to be informed.
Check this roster often, particularly when turnover happens. Especially for third parties and providers, keep contact information up to date and in a central location to avoid scrambling in the moment—a moment which may or may not include wi-fi or landline phone service.
Define Your Terms
Which threats are most likely and what might be impacted?
The data disaster team’s first order of business is to imagine the worst, so they can prepare a response plan. Which disasters are most likely (historically or otherwise) in your area? Where is the data center located? A disaster plan will look wildly different in a hurricane-prone coastal district than it will in the Midwest.
Next, the team must determine how many machines, buildings, and people might be impacted. Take a baseline inventory of all data storage before assigning a priority level. Identify where all backups are located (and if you’re not using the 3-2-1 backup method, now’s a great time to get started).
Finally, make a strong link between this data disaster plan and your crisis communication plan. If that plan is still in the works, at the very least be able to answer three basic questions:
- What happened?
- How did it happen?
- What will be done about it?
These questions can also guide your response plan prioritization.
Prioritize Your Response
Which actions are priority one, and which comes next?
Once the terms are set, it’s time to agree upon goals and objectives. It never hurts to establish a mission statement to keep everyone focused on the task at hand. An example might be:
“In the event of a disaster, our mission is to stabilize the data center, recover any lost data through a combination of backups, and communicate the status with district staff and the greater community.”
Prioritize the places to begin work when time is of the essence. Prioritization of network components may look something like this:
- Highest priority: network security and operations (firewall, switches, wiring components, main servers that contain critical operational data)
- Medium priority: web server, web filter, email server, network print services, desktop computer of critical personnel
- Low priority: instructional computer labs, desktop computers and individual peripherals
Once the team has established priorities, detail the processes and backup strategies involved. These are probably different depending on whether they include hardware (such as VoIP phones) or are cloud-based (such as software systems). It never hurts to reiterate contact information embedded directly in the response process.
Again, never rely on an ability to search the internet or use other technology. List this crucial information in hard copy in multiple locations.
Test and Update Often
How will this be tested?
Anyone who makes plans of this nature hopes they’ll never be put into place, but be sure to go through the motions and drill the process well before a threat is identified. Practice will make your data recovery plan feel less cumbersome, and you may find flaws in the original plans once they are tested. Build in an opportunity to update the process as new systems, team members, and concerns come into play.
There’s no substitute for preparation when it comes to disasters. Protect your irreplaceable data as you would any other asset.
Originally posted on Skyward's Advancing K12 Blog
Your Data is Safe with WSIPC
WSIPC takes the following measures to protect the privacy of your data:
- Data Ownership – WSIPC complies with state and federal laws and guidelines, including FERPA and HB-1741, in the handling and disclosing of personally identifiable information. We require district approval before we share your data, and we contractually require the same approval for any vendor or organization we work with.
- Data Security – Security assessments are conducted on WSIPC systems annually, by independent companies. The results of the assessments are used to ensure that our system security is continually updated to meet the ever-growing threat of cyber security attacks.
- Security Awareness – WSIPC participates with the following resources, among others, to stay informed and engaged:
- Student Data Privacy Consortium (SDPC) – a national alliance of states, districts, vendors and policy makers. WSIPC has been part of this organization since its inception.
- National Center for Educational Statistics (NCES) – a multi-state forum operated by the US Department of Education.
- Future of Privacy Forum (FPF) – a nonprofit organization that serves as a catalyst for advancing principled data practices and fostering privacy leadership and scholarship.
Student data privacy is a top concern for WSIPC, and we will continue to do our utmost to ensure that your data is protected.
WSIPC is a non-profit cooperative that provides technology solutions (including Qmlativ), services, and support to K-12 schools. WSIPC’s purpose is to help schools do more with every dollar and to empower them with the tools to work smarter. To learn how your district can become part of the WSIPC Cooperative, contact us at email@example.com or 425.349.6600.
WSIPC. Inspired by education. Empowered by technology.TM