header-utility-container

header-site-container

Policy 797 - Information Security

I. PURPOSE

The purpose of the Princeton Public Schools ISD 477 Information Security Policy is to describe the actions and behaviors required to ensure that due care is taken to avoid inappropriate risks to Princeton Public Schools ISD 477, its business partners, and its stakeholders. 
The Princeton Public Schools ISD 477 Information Security Policy applies equally to any individual, entity, or process that interacts with any Princeton Public Schools ISD 477 Information Resource.

II. GENERAL STATEMENT OF POLICY

Information security is a holistic discipline, meaning that its application, or lack thereof, affects all facets of an organization or enterprise. The goal of the Princeton Public Schools ISD 477 Information Security Program is to protect the Confidentiality, Integrity, and Availability of the data employed within the organization while providing value to the way we conduct business. Protection of the Confidentiality, Integrity, and Availability are basic principles of information security, and can be defined as:

  1. Confidentiality – Ensuring that information is accessible only to those entities that are authorized to have access, many times enforced by the classic “need to know” principle.
  2. Integrity – Protecting the accuracy and completeness of information and the methods that are used to process and manage it.
  3. Availability – Ensuring that information assets (information, systems, facilities, networks, and computers) are accessible and usable when needed by an authorized entity.

Princeton Public Schools ISD 477 has recognized that our business information is a critical asset and as such our ability to manage, control, and protect this asset will have a direct and significant impact on our future success.  
This document establishes the framework from which other information security policies may be developed to ensure that the enterprise can efficiently and effectively manage, control and protect its business information assets and those information assets entrusted to Princeton Public Schools ISD 477 by its stakeholders, partners, customers and other third parties.
The Princeton Public Schools ISD 477 Information Security Program is built around the information contained within this policy and its supporting policies.

III. DEFINITION
  1. Princeton Public Schools ISD 477 maintains and communicates an Information Security Program consisting of topic-specific policies, standards, procedures and guidelines that:
    1. Serve to protect the Confidentiality, Integrity, and Availability of the Information Resources maintained within the organization using administrative, physical and technical controls.
    2. Provide value to the way we conduct business and support institutional objectives. 
    3. Comply with all regulatory and legal requirements, including: 
      1. HIPAA Security Rule,
      2. State breach notification laws,
      3. PCI Data Security Standard,
      4. Information Security best practices, including ISO 27002 and NIST CSF,
      5. Contractual agreements,
      6. All other applicable federal and state laws or regulations.
  2. The information security program is reviewed no less than annually or upon significant changes to the information security environment.
IV. RESPONSIBILITY
  1. Personnel found to have violated this policy may be subject to disciplinary action, up to and including termination of employment, and related civil or criminal penalties.  
  2. Any vendor, consultant, or contractor found to have violated this policy may be subject to sanctions up to and including removal of access rights, termination of contract(s), and related civil or criminal penalties.

Adopted: July 16, 2024