Government of Saskatchewan
Advanced Education
 
Quick Search:
Friday, April 26, 2024
 
  Student Loans
  Contact Student Service Centre
  Home
  About Student Loans
Information Security and Acceptable Use Policy
Introduction

In order to assist end-users with understanding their responsibilities in accessing student information stored in the Government of Saskatchewan's System and to provide direction around appropriate use, the department has implemented a protection of privacy and access to information policy.

The primary goals of this policy are to protect the personal information of students as well as the confidentiality, integrity and availability of the department's information technology assets:

Confidentiality Refers to ensuring that information is accessible only to those individuals who are explicitly authorized to view it.
Integrity Refers to ensuring that information is protected from unauthorized or inadvertent modification so that it remains accurate and complete and can therefore be relied upon for use in making educational business decisions.
Availability Refers to ensuring that systems and the information that they contain are available when the end-user requires them.

In order for a security policy to be successful, all end-users must be aware of potential security threats, their responsibilities in regard to those threats, and rules related to the acceptable use of the information.

This policy is based on the Government of Saskatchewan's Information Security and IT Acceptable Use Policy Manual.

End-User Responsibilities

The vast majority of security breaches have a relatively small number of root causes. Primary causes include stolen or weak (easily guessed) passwords, physical access to unattended workstations, physical access to information that is held outside of the system (printed output, digital media) and computer viruses. Fortunately, there are some very simple things that end-users can do to mitigate threats from these sources:

  1. Protect your password.
    • Never share your password with another individual.
    • Do not write your password down.
    • Do not use passwords that refer to personal data (i.e. contain one of your children's names or your birth date).
    • Do not use passwords that contain dictionary words.
    • Do not type your password in when someone is looking over your shoulder.
    • If your password has been inadvertently disclosed, or you suspect that it has, change it immediately
  2. Protect your workstation.
    • Never leave your immediate work area without either logging off or locking your workstation.
  3. Protect your programs and information from viruses.
    • All foreign disks and software should be scanned for viruses prior to being used on any machine that is, or will be, connected to the department network.
  4. Protect information that is held outside of the system.
    • Store any digital media (CD, Diskette, portable hard disks, etc) containing sensitive information in a physically secure location when not in use, such as a locked cabinet or drawer.
    • Ensure that paper output containing sensitive information is protected from unauthorized access. Do not leave sensitive documents unattended on desktops or printers or in any other location where individuals who are unauthorized to view the contents might gain access to it.
    • Ensure that sensitive information is destroyed when no longer required. Paper documents containing sensitive information should be shredded. Information on digital media should be erased.
  5. Immediately report to the Registrar all security-related incidents, including:
    • Any violation of Security or Acceptable Use Policy (all suspicious activity should be reported).
    • Any security flaws or weaknesses that you might discover while accessing information stored on the Government of Saskatchewan's System.
    • Computer virus infections.
Acceptable Use

End-users are expected to exercise good judgment in determining whether or not a particular activity is an acceptable use of the Government of Saskatchewan's System.

  1. Acceptable use includes:
    • Entering and submitting a Student Loan Application.
    • Viewing a Student Loan application and making changes, if any.
    • Deleting a Student Loan Application.
    • printing or producing reports as required by an authorized entity.
  2. Unacceptable use includes:
    • Disclosing confidential information to individuals or organizations with no written or formal authority to possess that information.
    • Viewing or distributing data files belonging to another user unless specifically authorized to do so, regardless of whether a security weakness in the system might permit this (the ability to access information does not implicitly grant permission to view that information).
    • Reading another user's information files from a display terminal, as printed output or from magnetic media without that user's explicit permission.
    • Requesting or attempting to learn another individual's password.
    • Using or attempting to use another individual's account.
    • Using department computer systems as a conduit for unauthorized access attempts on remote computer systems.
    • Attempting to intercept, block, de-crypt or eavesdrop on any electronic message addressed to another individual.
    • Developing, downloading or using programs that attempt to bypass security mechanisms or uncover security weaknesses.

Monitoring and Enforcement

The Government of Saskatchewan has the ability to monitor individual system usage through the use of logs and other tracking tools. In the interest of enforcing security and acceptable use policies, it reserves the right to employ any tool or activity necessary for monitoring, auditing and, where necessary, controlling end-users access to the system. Among other things, the department's monitoring and enforcement activities may include:

  • Tracking of unauthorized resource access attempts.

Every effort will be made to protect the privacy of the individual if they are monitored. Monitoring activities will be restricted to those necessary to prove or disprove allegations of inappropriate use. Knowledge of monitoring activities and results will be restricted to Information Technology and Audit staff responsible for conducting the monitoring and those charged with making a decision based upon the findings.

If any end-user or agency is found negligent, access to the department's system may be denied.

Any end-user who violates this policy will be notified and appropriate consequences may include a full range of disciplinary actions according to the relevant governing association as well as the potential enforcement of applicable Federal and Provincial Laws.

Communication of Policy

This 'Acceptable Use Policy' is intended to make end-users aware of their responsibilities in accessing student information stored in the Government of Saskatchewan's System. This document should be made available to all employees of the Government of Saskatchewan who have been assigned user access. There is an expectation that the content of the policy will be reviewed with end-users on a regular basis (i.e., twice per year).