At Central 301, we take information security seriously.
To maintain the confidentiality and integrity of information and data, including our student data, Central 301 has implemented targeted processes and procedures. These can be categorized as:
- Systems that control where key information is stored;
- Access security practices and internal controls that restrict who has rights to view, add/delete, or edit information;
- Physical access controls to District data centers and key networking equipment.
How is access to student data managed?
Central 301 follows best practices in establishing and managing system and network access security. Access to student data is managed and controlled through what is known as role-based security. This means that the type and amount of access to student data and other information is governed in our systems by the role which any staff member holds along with what information they require to perform their job as a trusted member of Central 301 staff. Staff members must go through a process to gain access to authorized information that includes successfully logging into the District network or one of the systems they use as part of their job duties.
Once a staff member logs in using this method, the internal application controls, role based security, and application permissions restrictions are engaged which limit the data read, write, add, or delete functionality and are specific to a staff member’s role in the District.
The District also follows all rules set forth by state and federal government such as the Federal Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA). For more information regarding these laws, please refer to the following links:
HIPAA – http://www.hhs.gov/ocr/privacy/
Where is student data held and where does it go?
The primary repository of student data is our Student Information System, Skyward. Skyward maintains student demographics, household contact information, enrollments, attendance, grades, schedules, transcripts, discipline, bus, lockers, health, IEP, and LEP information. The District does not retain student Social Security Numbers within any system.
In addition to Skyward, Central 301 also maintains multiple supporting systems that assist in running daily operations. Based on need, some student data is routinely transferred between these applications through a variety of secure and encrypted system integration processes.
Physical access to the data centers and the servers that house this data are limited to a small group of network and system administrators in the IT Department. These data centers are also secured with fire protection and power backup capabilities. We also take routine backups of key systems and data which are securely stored and protected.
With the evolution of cloud based solutions, the District also subscribes to some externally hosted applications which are integrated with our student information system through encrypted data communications. Below is a list of various outside agencies that the District provides data to and/or receives data from. Data transferred includes basic student information such as names and schedules so student can log into applications and access curricular materials configured by the District.
- School Messenger
- Achieve 3000
Additionally, the District provides testing agencies such as SAT, PARCC, NWEA, ISA etc. with basic student identification as part of the testing and scoring process. The District reports all required data to the Illinois State Board of Education (ISBE) and other government agencies.
Google Apps for Education
The District provides all students with a Google Apps for Education Account. This account allows them to collaborate and share documents with their teacher and fellow students and is an essential component of the classroom. We share limited information with Google solely for account creation purposes. This data, and any data created as a function of using a Google Apps for Education account, belongs to Central 301. This type of account is different than having a personal gmail account. Google does not scan student content or email for advertising purposes as they do with regular consumer accounts.
Please review the Google Apps for Education Privacy Statement at: