Moose Jaw’s Catholic school division is working to address the issues of cybersecurity and digital privacy after it identified those two areas as the biggest risks currently facing the organization.
As part of Holy Trinity Catholic School Division’s enterprise resource management (ERM) program, division administration created a risk register several months ago of the top 49 threats that could affect the division.
Executive council then rated those risks, while administration collected and ranked the data. It later created a document with the top 10 risks and mitigation or management strategies for each and presented that report at the January board of education meeting.
In that report, administration encouraged the board to ensure the organization adopted several mitigation or management strategies, such as:
- Having high-security standards
- Using a three-level system to protect records where possible
- Following LAFOIP and privacy legislation and evaluating compliance
- Educating staff about privacy and the appropriate legislation
- Having employees sign confidentiality agreements as an employment condition and sharing the possible repercussions of breaches
- Updating and reviewing policies on information and security
- Ensuring that internal controls are in place to monitor and manage the information
- Regularly conducting audits or inspections to confirm that the appropriate practices are in place and that staff are following policies
After that meeting, Mark Selinger, the division’s supervisor of learning and technology, reviewed the strategies and suggested several additions and modifications, including:
- Assessing the implications of applying for cyber-risk insurance
- Developing a post-cyberattack response plan
- Having him serve as the division’s Saskatchewan League of Educational Administrators Directors and Superintendents (LEADS) representative on the Saskatchewan School Boards Association’s cybersecurity working advisory group
- Ensuring that third parties engaged or completing business with Holy Trinity adhere to its IT standards
Division administration presented those updates during the board’s March meeting.
“There are a number of school divisions exploring (cyber-risk insurance) and we will as well,” said CFO Curt Van Parys. “We need to get our IT systems in a serious state before we can even apply for cyber-risk insurance … .
“I was fortunate to spend the time with Mark to tighten up the initial management and mitigation strategies, so we’ll incorporate these in our overall risk register and report back to the board in terms of how these things are going.”
Cyberattacks are becoming more prevalent and security breaches are happening regularly, said trustee Derek Hassen.
“They’re costly,” he remarked.
Capital project update
The Ministry of Education approved Holy Trinity’s project application last August to upgrade École St. Margaret School for $4 million as part of the division’s minor capital project request. However, the division estimated the project would cost roughly $5.5 million, leaving a shortfall of $1.5 million.
Senior management has had several discussions with ministry officials recently about the government increasing funding for the project, Van Parys said. Those talks continue and he hoped to have more information by April.
The next Holy Trinity board meeting is Monday, April 17.
