Meeting the NH Standards for Privacy and Security of Student and Employee Data
What is NH RSA 189:66 (HB 1612)?
NH RSA 189:66 (HB1612 amended) mandates all education agencies develop a security plan which protects student and teacher personally identifiable data, and department records from cyberattack. The protected data includes both electronic and physical formats.
What are the minimum data standards?
Inventory and review of all software applications, digital tools, and extensions to assure standards set by the department are met or exceeded.
Review of infrastructure that houses applications, tool and extensions to assure standards set by the department are met or exceeded.
Update policies and procedures for data access and protection of privacy for students and staff including acceptable use policy for applications, digital tools, and extensions.
Development of response plan for a data breach (RSA 359-C:20).
Require all service providers to meet or exceed standards for data protection and privacy.
Present Data and Privacy Governance Plan to school board.
Our approach not only meets RSA 189:66 standards, but exceeds them.
Our comprehensive plan takes it further than just a traditional Nessus scan. We assess all applications, preform risk assessments, and deliver a final report detailing vulnerabilities, compromised data and remediation suggestions.
Our partnership includes?
Internal Vulnerability Assessment of network and applications that maintain personally identifiable data and department records.
External Vulnerability Assessment of all public entry vectors for vulnerabilities that could lead to personally identifiable data and department records being compromised.
Onsite evaluation of physical security including evaluation of physical structure for potential server and data theft.
Process documentation review including data governance and usage policies, and incidence response plan.
Meeting with key stakeholders to ensure data security processes and incidence response plan are understood in case of compromise.
