FCS Policies and Procedures 2019-20
Franklin County Schools
Modified June 2019
Procedures And Guidelines 3
Supported Hardware/Software 4
Internet Safety 7
Auditing and Monitoring 9
Desktop Support Software 9
Helpdesk Service-Request Procedures 10
Purchasing Procedures 10
Surplus Technology Procedure 11
Access to Network Services 11
Construction/Modification of Networks 13
Additional Network and Telephone Outlets 13
Amendment and Change Procedures 13
Board Policies and Procedures 13
Appendix A 14
The district wide provision of computers and technology for the express use of Franklin County School students and employees along with the communication services it provides will be referred to as the “Franklin County Public Schools Education Network” or FCPSNet. Administrative support is provided by the District Chief Information Officer (CIO) and support staff. Additional administrative support is provided by the Kentucky Department of Education. The system administrators are employees of Franklin County Schools and reserve the right to monitor all activity on FCPSNet.
The board supports the right of students, employees and community members to have reasonable access to various information formats and believes it is incumbent upon users to utilize this privilege in an appropriate and responsible manner.
Procedures And Guidelines
The Chief Information Officer, with the guidance of the Superintendent, shall develop and implement appropriate procedures to provide guidance for access to electronic media. Guidelines shall address teacher supervision of computer use, ethical use of electronic media including, but not limited to, the internet, e-mail and other District technological resources, and issues of privacy versus administrative review of electronic files and communications. In addition, guidelines shall prohibit utilization of networks for prohibited or illegal activities, the intentional spreading of embedded messages, or the use of other programs with the potential of damaging or destroying programs or data.
- Standard software on all “Teacher Workstations” will include the Microsoft Office Suite, McAfee Virus Protection, and Internet Explorer/Mozilla Firefox/Chrome for internet browsing. Some school locations may also choose to use other applications specific to their curriculum needs.
- Standard software on all “Student Workstations” will include McAfee Virus Protection and Internet Explorer/Mozilla Firefox/Chrome for internet browsing. Some school locations may also choose to use other applications specific to their curriculum needs.
- The use of network-intensive software such as “Peer-to-Peer” and file sharing is strictly prohibited over the wide-area network.
- Local schools should select software that meets the district standard requirements for their instructional programs. Due to the wide variety of software programs installed in schools, the CIO cannot guarantee support of all applications. (See section 12 for the procedures to purchase new software.)
- Any computer workstation that is intended to be used with FCPSNet and is purchased with District funds from any source (such as regular school accounts, school-activity accounts, PTA, etc.) must meet FCPSNet standard specifications. These standards are based upon the KETS specifications, but are purposefully narrowed to include a limited number of hardware manufacturers. The CIO/Technology Staff will set the FCPSNet standard specifications and any requests to purchase nonstandard workstations must be approved by the CIO.
- All file servers attached to FCPSNet will meet KETS standards.
- Peripherals (printers, scanners, digital cameras, etc.)
- Any computer peripheral that is intended to be used with FCPSNet and is purchased with District funds from any source (such as regular school accounts, school activity-accounts, PTA, etc.) must meet FCPSNet standard specifications. These standards are based upon the KETS specifications, but are purposefully narrowed to include a limited number of hardware manufacturers. The CIO/Technology Staff will set the FCPSNet standard specifications, and any requests to purchase nonstandard peripherals must be approved by the CIO.
- * All non-KETS standard equipment and/or technology purchased from non-district approved vendors will not be supported by the Computer Maintenance Technicians. The CIO can make recommendations on specific models that schools should purchase, however, no district technical support will be provided.
- Wireless Standards
- Wireless access points have to be treated as any other network device on the network and will be installed with the approval of the CIO and Technology staff.
- Wireless connections between buildings must be configured as LAN-to-LAN endpoints with a strong SSID, and WEP encryption. Wireless WAN connectivity should be considered a temporary solution for LAN-to-LAN connectivity between buildings with large user bases due to bandwidth issues.
- Access Points and other wireless networking components are available on the KETS contract. These networking components have been thoroughly tested for compatibility with current KETS networking equipment and are 802.11b/g/n/ac compliant. Wireless Access Points and other wireless networking components are to be considered no different from hard-wired networking components with regards to KETS funding.
- Donated Equipment
- Businesses or individuals that offer to donate new or used hardware should be referred to the Chief Information Officer. The CIO will determine whether the equipment meets the District’s support standards.
- Only hardware that meets or exceeds the lowest FCPSNet standard can be added to a school’s inventory.
- Appendix A Donated Computers and Other Hardware
- Repair Policy
- District and school technicians will only repair and maintain equipment that is owned by the Franklin County Schools and purchased following district procurement procedures.
- Equipment will be repaired as long as parts are available and when it is more cost effective to repair the unit instead of replacing it. School Technology Coordinators (STCs) will be notified when equipment moves to non-repair status.
- Equipment that has been previously surplused or marked as replaced will not be repaired.
- If the cost of parts and service of a piece of equipment exceeds the value of the machine, the machine will be added to the school surplus list and identified as non-repairable.
- Authorized Software/Purchase of New Software
- Only software that has been purchased, licensed, or donated to the District will be allowed on any District computer. The STC or Computer Maintenance Technician shall maintain a list of all software licenses or proofs of purchase unique to that school.
- Any purchase of non-standard and/or new software must follow the standard requisition process and must be approved by the CIO before it is purchased and installed on any machine connected to FCPSNet. This process is to ensure that the software will function properly on our network and will not prevent other standard applications from functioning properly.
- All users and all workstations must authenticate and receive authorization to use FCPSNet services. All parties accessing the FCPS Network or any of the resources attached to it must be identified and authenticated that they are indeed who they say they are. This can only be accomplished through having the network login require each user to enter a password to ascertain that the userid they are entering is, in fact, their own. This requires that all desktop machines perform a Domain Login.
- A guest account may be requested allowing temporary access to the network or Internet to non-FCS visitors to schools and must be approved by the CIO or designee.
- The responsibility for creation of user accounts and granting specific access to network resources belongs to the Technology Support Team. To obtain a valid userid the principal or designee, usually the STC, must request that an account be created and specify rights for each new user.
- Users are potentially liable for damages caused by a hacker using their machine. The user must be able to prove that "reasonable" measures were taken to defend themselves from hackers. An example would be if a machine were left open with no passwords or any kind of authentication measures in place. Consequently, any user wishing to utilize the network or any of the resources attached to it will be required to have a unique userid and password that must be entered prior to gaining access to any of the resources on the network.
- Passwords should be from seven to twelve characters in length.
- Passwords should be changed every 120 days.
- Users who need assistance with their passwords should contact their School Technology Coordinator.
- The CIO must be notified when the employment of any staff member is terminated with the Franklin County Schools. This is necessary to allow the userid to be disabled and to restrict the terminated employee’s access to network resources.
- Users have one userid to access e-mail, the Internet, and other network resources. Once an individual has performed a domain login they have access to email. In the case of users accessing their mail via web mail, they are required to enter their userid and password to be authenticated. Users must not configure automatic authentication on their workstation for domain logons at startup. Passwords must be entered at every login.
- All FCPSNet users must adhere to the Acceptable Use Policy, FCPS Policy 08.2323
- It is the policy of the Franklin County Public Schools to:
- prevent user access over its computer network to, or transmission of, inappropriate material via Internet, electronic mail, or other forms of direct electronic communications;
- prevent unauthorized access and other unlawful online activity;
- prevent unauthorized online disclosure, use, or dissemination of personal identification information of minors;
- comply with the Children’s Internet Protection Act [Pub. L. No. 106-554 and 47 USC 254(h)].
- Students shall be provided instruction about appropriate online behavior, including interacting with other individuals on social networking sites and in chat rooms and cyberbullying awareness and response.
- Internet safety measures shall be implemented that effectively address the following:
- Controlling access by minors to inappropriate matter on the Internet and World Wide Web; Specifically, as required by the Children’s Internet Protection Act, blocking shall be applied to visual depictions of material deemed obscene or child pornography, or to any material deemed harmful to minors.
- Safety and security of minors when they are using electronic mail, chat rooms, and other forms of direct electronic communications;
- Preventing unauthorized access, including “hacking’ and other unlawful activities by minors online;
- Unauthorized disclosure, use and dissemination of personal information regarding minors; and
- Restricting minor’s access to materials harmful to them.
- The District shall provide reasonable public notice of, and at least one (1) public hearing or meeting to address and communicate its Internet safety measures.
- Specific expectations for appropriate Internet use shall be reflected in the District’s code of acceptable behavior and discipline including appropriate orientation for staff and students.
- Access to the network, including internet access, is granted to individual users upon the submission of a completed AUP signature form.
- Student users are permitted to bring their personally own devices (PODs) for use on the FCPSNet wireless network upon submission of a POD signature form.
- Access to the internet for all users is filtered and monitored using the following methods:
- FCPS uses Lightspeed to filter all network traffic.
- FCPS uses Lightspeed to run reports upon request of suspected violations of the AUP.
- FCPS uses Impero software for desktop filtering, monitoring and reporting. Impero provides screen captures and alerts for defined violations of the AUP, as well as blocking of specified AUP violations before they can occur.
- Obscene material and information, child pornography and other data/information harmful to minors is filtered and blocked for all students.
- It is the responsibility of all staff members of the Franklin County Schools to educate, supervise and monitor appropriate usage of the FCPSNet and equipment in regards to access to the internet in regards to the Children’s Internet Protection Act, the Neighborhood Children’s Internet Protection Act, and the Protecting Children in the 21st Century Act.
- The Principal, School Technology Coordinator, or designated representative will provide age-appropriate training for students who use FCPSNet facilities. The training will promote the FCS commitment to:
- The internet safety policy
- Appropriate online behavior (digital citizenship) when using social networking tools
- Cyberbullying awareness and response
- Compliance with e-rate requires for CIPA.
- No workstation can be attached to the network without prior approval of the CIO. Only equipment owned by Franklin County Schools may be physically attached to FCPSNet.
- Workstation attachments will be made by way of DHCP (Dynamic Host Configuration Program). Only selected application workstations will be permitted to have static IP (Internet Protocol) address.
- Personally owned devices may connect to the FCPSNet Guest wireless networks.
- There will be no personal file sharing from a workstation. All shared files will reside on a file server or hosted cloud service.
- No Internet Distributed File Sharing (IDFS) software is to be placed on any workstation or fileserver within the Franklin County Public Schools network environment.
- At a minimum the desktops of staff users will be locked due to system applied policies or by the user when not in use, or the user will log off the network. Sites may elect to implement a higher level of desktop security but not less than the minimum.
- There should be no unsupervised access to any workstations within FCPS after normal business hours. Those workstations that cannot be secured behind locked doors shall be password protected.
- Backups for desktop machines are entirely the responsibility of the user. Any user who creates data on a desktop machine is responsible for the backup and integrity of that data. It is recommended that user data be backed up on a regular basis, such as weekly. However, if there have been many updates to the user data in a time frame shorter than a week, the backups should occur more frequently.
- No servers can be attached to the network without prior approval of the CIO.
- Any user wishing to access any district server must be authenticated through performing a Domain login as discussed previously.
- Only those services required for the business of the district will be allowed to be running on any production server within the district. All unnecessary services will be turned off.
- The ability to gain "hands-on" access to production servers will be restricted to that number of district personnel that require this type of access to perform their job functions. This type of access will be granted to only the Technology Support Team. These individuals will not permit anyone else to have their same level of access. Those individuals having this type of access may not, under any circumstances, delegate the permission for this access to any other individual.
- No switches/hubs can be attached to the network without prior approval of the CIO.
- A backup is performed on a nightly basis on designated servers.
Auditing and Monitoring
- The Technology Support Team will be charged with the responsibility for monitoring the network and will be responsible for receiving and reviewing all logs, alerts and alarms generated by the various systems in place and resolving any identified issues.
- The Technology Support Team should be notified at any time that there is a suspicion of any type of security incident.
- Upon notification, or discovery through the network monitoring system, of a suspected security incident, the Technology Support Team will be charged with ascertaining whether or not the incident is real and to what extent the district is affected.
- All security incidents will be referred to the Chief Information Officer for action. The Chief Information Officer will be charged with determining the appropriate steps to be taken to safeguard the district for each security incident. Incidents involving personnel will be referred to the Superintendent.
Desktop Support Software
- Desktop support software may be installed on all computers in order to facilitate assistance for helpdesk tickets, common tasks and issues, and remote management. Security for the software will be managed so that STCs may also use the software to support student and staff computers.
- The tools provided may include:
- Remote access and control
- Training and screen broadcasting
- Instruction and locking of screens
- Monitoring and filtering of content
- Maintenance Windows
- Access to the network will normally be available from 6 a.m. to 7 p.m. Monday through Friday. Any scheduled maintenance or downtime will be from 7 p.m. to 6 a.m. Monday through Friday or on weekends. However, emergency maintenance may need to be performed at any time.
- Connectivity to the Internet is contingent on the availability of the state-provided communications link between Franklin County Schools and the Internet.
- Computer Moving or Disconnecting Procedures
- If a computer lab has to be moved or modified (e.g. reconfiguration or room cleaning) the STC will be notified and a date will be established when the Computer Maintenance Technicians can be present for assistance.
- Any computer or office move will be scheduled and coordinated through a Computer Maintenance Technician, STC or CIO. The requesting party should notify the Computer Maintenance Technician and STC in sufficient time to allow schedules to be put into place or modified to accommodate the relocation.
- Any workstation that is moved for cleaning should be relocated to a secure location.
- Service-Restoration Procedures
- Service restoration, as a result of the loss of any communications service in the District, will be performed in the following priority:
- Districtwide telephone service
- Schoolwide telephone service
- Districtwide data service (any variety)
- Schoolwide data service (any variety)
- Individual telephone service
- Individual data service
Helpdesk Service-Request Procedures
- All service requests must be made through the FCPSNet helpdesk system.
- STCs should contact the user within 24 hours for the initial response and diagnosis.
- Computer Maintenance Technicians should contact individual user(s) making a request to schedule a time for service within two working days for most requests.
- If a user does not hear from a Computer Maintenance Technician within two business days of the initial request, they should contact their STC.
- If STC and the Computer Maintenance Technician are unable to schedule a time for service, the STC will contact the CIO.
- All Technology purchases must be submitted to the CIO for approval. This includes all hardware and software that will be used by any FCS employee or student, and/or in any FCS facility or vehicle, and will include any hosted services as well.
- The purchase of workstation(s)/laptop(s)/hardware will use the KETS Contract on the KDE website and the vendor’s website/contact to create a quote for the items to be ordered. (Approved vendors will only be accepted.)
- The CIO will review the quote and if approved will notify the person placing the order.
- A completed Purchase Order with appropriate signatures and commodity codes, provided by the CIO, shall be submitted to the CIO.
- Once appropriate signatures are obtained, the order can be placed.
- The purchase of software or hosted services will be submitted to the CIO for approval.
- Users will submit a completed Purchase Order with appropriate signatures and commodity codes, provided by the CIO, accompanied with the quote from the vendor to the CIO.
- Once all signatures are obtained, the CIO or designated person will place the order.
- School specific software must follow the approved software procedures and steps. The purchase of this software and all licenses and annual fees are the responsibility of the specific school.
- NOTE: Purchasing of certain specialty items not found in the approved vendors catalogue or website will follow the same procedure as above with the additional step of submitting quotes from different vendors to ensure competitive pricing. If the item is from a single source vendor, the requisition should indicate that and should be accompanied with a quote from that vendor.
Surplus Technology Procedure
- All surplus items must receive non-repair status.
- If items contain a storage device, that device must be formatted and erased completely or destroyed.
- The District Technology Surplus Form must be completely filled out and be signed by the school principal and the Chief Information Officer.
- A time will be scheduled for the items to be physically removed from each building so items can be disposed of appropriately.
Access to Network Services
- Physical Access to the Network
- Access to all distribution frames (technology wiring closets and cabinets) within Franklin County Schools is restricted to the School Technology Coordinator and those members of Technology Support Team that require access to the distribution frame to perform their job functions, along with maintenance/custodial staff. The main distribution frame should be a dedicated space and not used for storage of supplies needed by school personnel. The main distribution frame at a site is the heart of the network at that site and not a storage closet. Due to the uninhibited inherent nature of many local server console ports residing in the distribution frames, limited physical access is key to maintaining secure communications.
- Any disruption to the physical network infrastructure should be reported to the Technology Support Team so that recovery can begin.
Construction/Modification of Networks
- Franklin County Schools Network Construction
- Network construction in any building is prohibited unless it has been approved by the CIO. This includes the adding, removing or moving network drops within rooms, as well as moving network equipment or wiring closets.
Additional Network and Telephone Outlets
- It is recognized that as the curricular needs of a school change, more drops than are currently installed may be needed. It is the responsibility of the school to pay for outlet/drops necessary to provide the larger network presence. There are several variables that will affect the cost of each drop. For example, the distance of the drop from the wiring closet will determine how much wire must be installed, and wire is purchased by the foot. Whether or not there are open ports in the wiring closet on the patch panels and switches will also affect the overall cost. The structure of the school itself will have an impact on cost because different types of construction can be more difficult or less difficult to install wire in, and labor costs are based on an hourly rate. In short, the cost of a drop will vary with each drop and could range in price significantly depending on the work involved.
- The work should be arranged through a maintenance contract with a contractor that has been approved by the CIO. The school will need to transmit a written request to the CIO. Once the request is received, the CIO will contact the contractor to arrange for a price quote to perform the work. Upon receipt of the price quote from the contractor, the CIO will inform the school of the amount required on the purchase requisition.
Amendment and Change Procedures
- Because technology changes so rapidly, it may be necessary to change policies and procedures written in this document. Therefore, suggested changes can be submitted to the CIO for consideration.
Board Policies and Procedures
- The latest Franklin County Public Schools policies and procedures can be obtained by visiting the central offices, or online at http://policy.ksba.org/F07/
Donated Computers and Other Hardware
From time to time businesses, teachers, and parents have an interest in donating computer equipment to the Franklin County Schools (FCS). Although this consideration is always appreciated, it brings with it a number of concerns. Support for non-standard computer equipment by the technology support staff is problematic in that the repair time can be long and locating parts can be time consuming. It is also common that equipment being donated is inferior to the equipment being used in FCS.
This policy attempts to facilitate the receipt of donated computer equipment from private, corporate and governmental donors. It is intended to promote the valuable computer contributions being made by numerous community partners while also controlling the real costs to the district of licensing and support.
The cost for modifications and adaptations that may be required before donated hardware is useful for instruction could require expenditure of unbudgeted funds. If equipment that does not meet FCS needs is accepted, an "asset" could become a liability due to the cost of disposing of obsolete or non-repairable computers
For this reason, FCS will accept only those donations that facilitate the District’s technology plan, are compliant with the District’s computing platform, and are capable of meeting District standards with minimal expenditures. Donations that do not meet the minimal standards may be accepted, but only at the discretion of the Chief Information Officer.
Donated computers accepted by FCS will fall into two categories:
- Stand-alone computers intended to supplement classroom experiences, but not to be connected to the district network.
- Computers that can be connected to the district network.
The FCS Technology Support Staff, along with the CIO, will make a decision on the usefulness of the equipment based upon the guidelines in this document, knowledge of the current KETS standards, and planned changes for future purchases and District projects. The CIO will inform the individual as to whether the donation will be accepted. Equipment dropped off directly at schools without permission of the CIO will not be accepted nor supported.
Computer Setup Guidelines
The donated computer’s hard drive will be completely reformatted in order to verify that only properly licensed software (including the operating system) is installed.
The donating individual, group, or company may transfer licensing of Microsoft Operating System software by writing a letter indicating the transfer of the license and providing that letter with the donated equipment. Disks and other documentation should accompany all software that is donated with the computer.
Computers that do not meet the minimum standards may be used only as stand-alone computers. Support for donated computers is limited to software maintenance and minor repairs not requiring the replacement of parts or significant technician time.
Printers and Monitors
Laser printers may be placed on the network provided they contain built-in network cards and can be managed via a web browser.
Inkjet printers may be accepted but not networked and are not to be shared from one PC to another.
LCD monitors may be accepted and used.