Thank you for your email to the Ministry of Education.
This is an auto generated response confirming your email has been received. Please do not respond to this message.
We will respond to your email as soon as possible.
Ngā mihi, nā
Enquiries National Team | Ministry of Education
Mātauranga House
33 Bowen St, Wellington

education.govt.nz<http://www.education.govt.nz/> | Follow us on Twitter: @EducationGovtNZ<https://twitter.com/mineducationnz>

We get the job done Ka oti i a mātou ngā mahi
We are respectful, we listen, we learn He rōpū manaaki, he rōpū whakarongo, he rōpū ako mātou
We back ourselves and others to win Ka manawanui ki a mātou, me ētahi ake kia wikitoria
We work together for maximum impact Ka mahi ngātahi mō te tukinga nui tonu

Great results are our bottom line Ko ngā huanga tino pai ā mātou whāinga mutunga

http://www.education.govt.nz/

For Attention: Nathaniel Goza

 

Hi there Nathaniel

 

Your enquiry re Information Security in Schools has been referred to me
for a response.

This email is both an apology for the delay in getting back to you as well
as an acknowledgement that we will provide you with a formal response late
next week.

Thank you for your patience.

Kind regards

Neville Bannister | Senior Manager IT Assurance | IT Assurance
DDI +6444638153  Ext 48153 | Mobile +64278864560
Justice Centre, Kate Sheppard Place, Wellington

 

 

Attention: Nathaniel Goza

 

Hello Nathaniel

I am replying to your email enquiry re the above – dated 12 April 2018.

 

Firstly please accept my apology for the delay in responding – your
enquiry was initially processed as an Official Information Act request and
after review it was considered appropriate that it should be managed as a
general enquiry. It has now been referred to me for a Subject Matter
Expert’s response hence my communication directly to you in that capacity.

 

I have considered your questions and reply as below:

 

1.       Are school Information Technology (IT) systems set up in
accordance with the NZISM?

 

The Ministry of Education is the Government’s lead advisor on the
education system, shaping direction for education agencies and providers
and contributing to the Government’s goals for education. Based on the
existing Tomorrow’s Schools approach the governance and regulatory
framework for New Zealand’s state and integrated schools, these schools
are autonomous, self-managing learning institutions governed by elected
boards of trustees, responsible for learning outcomes, budget oversight,
the employment of all staff and property management.

In recognition of the autonomy of schools, the Ministry offers significant
Information Technology (IT) funding and advice for the school’s IT systems
through numerous specialty groups including the following:

Connected Learning Advisory (CLA) - a free service, provided by the
Ministry of Education and managed by CORE Education, helping New Zealand
schools and kura make the most of digital technologies for learning.

[1]http://core-ed.org/

Netsafe - New Zealand’s independent, non-profit online
safety organisation. Netsafe takes a technology-positive approach to
the challenges digital technology presents, working to help people in New
Zealand take advantage of the opportunities available
through technology by providing practical tools, support and advice for
managing online challenges. 

[2]https://www.netsafe.org.nz/

Network for Learning (N4L) – who partner with schools, government and
technology providers to deliver products and services especially designed
for education. This includes the management of safe and secure broadband
services.

[3]https://www.n4l.co.nz/

There are other bodies that receive funding to help deliver IT services
that contribute to schools operating in a safe and secure manner. The
Ministry actively applies a risk-based approach to IT security recommended
in the Protective Security Requirements (PSR) framework, mandated by
Cabinet in December 2014. NZISM is a component of the PSR and Section
1.1.2. of the New Zealand Information Security Manual (NZISM) states that
the manual “..is intended for use by New Zealand Government departments,
agencies and organisations. Crown entities, local government and private
sector organisations are also encouraged to use this manual.” The Ministry
actively advocates that all IT security advice offered aligns with the PSR
mentioned above.

The implementation of this support and advice is the responsibility of
each school through its Board of Trustees. Many of these schools also use
a local IT service provider to help with this activity. The Ministry
remains committed to provide ongoing and active IT security advice across
the education system, as outlined above.

 

2.       Does the Ministry of Education regularly audit the security of
school IT systems to ensure they are compliant with all requirements laid
out in the NZISM?

The Ministry of Education does not regularly audit the security of school
IT systems. This approach is based upon the current design of the
education system – with each school being autonomously governed by a Board
of Trustees - and the NZISM emphasis on NZ Government departments,
agencies, organisations, crown entities and private sector organisations
use of the NZISM. As mentioned in your 1^st question, the Ministry
supports and funds regular PSR (risk-based) IT security advice and
practical support to schools through numerous third parties. A risk-based
approach is more appropriate and achievable and consistent with good
cyber/IT security practice.

 

3.       If not, why does the Ministry think it is appropriate to have
unsecure IT systems being utilised by children?

The Ministry’s commitment to funding third parties to assist schools with
IT support and advice as outlined in the previous 2 questions is a strong
indicator that it is totally committed to supporting our schools to
actively manage and minimise the impacts insecure IT systems may have on
our children. Any indication or concern to the contrary should be
immediately referred to your local Principal, who would follow the advice
and support on offer from organisations such as Netsafe and N4L.

 

Thanks for your enquiry and I trust that I have addressed your questions -
I would welcome any further comments or concerns that you may wish to
direct to me.

 

Kind regards

Neville Bannister | Senior Manager IT Assurance
DDI +6444638153  Ext 48153 | Mobile +64278864560
[4]education.govt.nz  |  [5]Follow us on Twitter: @EducationGovtNZ
We get the job done  Ka oti i a mâtou ngâ mahi
We are respectful, we listen, we learn  He rôpû manaaki, he rôpû
whakarongo, he rôpû ako mâtou
We back ourselves and others to win  Ka manawanui ki a mâtou, me çtahi ake
kia wikitoria
We work together for maximum impact  Ka mahi ngâtahi mô te tukinga nui
tonu
Great results are our bottom line  Ko ngâ huanga tino pai â mâtou whâinga
mutunga

[6]Ministry of Education logo

 

 

 

 

 

 

 

References

Visible links
1. http://core-ed.org/
2. https://www.netsafe.org.nz/
3. https://www.n4l.co.nz/
4. http://www.education.govt.nz/
5. https://twitter.com/EducationGovtNZ
6. http://www.education.govt.nz/