1. Home
  2. Incident Response

Incident Response

Medium

K-12 clients who use STAGEnet Internet access and NDIT-EduTech services agree to follow the STAGEnet and NDIT-EduTech acceptable use policies. K-12 clients are likely to have a local school acceptable use policy to follow as well.

NDIT-EduTech is aware there may be situations in schools where inappropriate use of computing resources takes place. This misuse may range widely in seriousness and impact on other users. Often misuse can be addressed by the local administrator in the school where the misuse occurs.

Major violations may include misuse that significantly impacts work performance, misuse that may affect the school community (e.g., creates a potentially hostile environment) or the school image and/or misuse that violates policy/law. When these potentially major violations are identified, the following procedures are used to provide fair and consistent treatment for clients and to assure information is protected.

Available Information

In cases of misuse, NDIT-EduTech has the access and resources to deliver the following information to school administrators (or person of equivalent position) under the guidelines listed below.

E-mail

Given compelling reasons, as outlined in the guidelines below, NDIT-EduTech will make the information stored for a particular user account available to an administrator (superintendent or principal, or person of equivalent position) with administrative responsibility for the user in question.

NDIT-EduTech has the capability to initiate a Litigation Hold, which prevents destruction of any mail in a user account. NDIT-EduTech may also provide information from:

  • Current Data: Email messages currently in an Inbox or mail folder
  • Deleted Items: Items which have been purged within the last 14 days
  • Mail Activity: Traces of message activity sent from or to a specific account within the past 90 days

Deleted Items Details: Prior to June 17, 2015, messages were automatically purged from Deleted Items 30 days after they were deleted. After June 17, 2015 messages are only purged when a user Permanently Deletes them or deletes messages from the Deleted Items folder.
Mail Activity Details: Message tracing does not search message content, only sender, recipient, message ID metadata and activity times.

Office 365 account content is purged 30 days after an account is disabled, unlicensed, or otherwise removed from the state’s Active Directory.

Web Activity

Given compelling reasons, as outlined in the guidelines below, NDIT-EduTech will make the information about the web activities performed by a particular computer(s) available to a school administrator (superintendent or principal) within administrative responsibility for the computer(s) in question. NDIT-EduTech has the capability to provide data from two sources:

  • Web/Internet Filter logs: Web activity occurring on the STAGEnet K-12 network is logged and retained for at least 90 days.
  • Network Access Logs: Non-Web network activity (FTP, Telnet, SSH, etc.) is logged and retained for at least 90 days.

NDIT-EduTech will not be able to identify the user involved in the activity, nor will we have copies of the specific content being accessed. We can relate a computer’s IP address to the web/network requests originating from that IP. It will be the duty of the school to determine which individual(s) were using the computer at the time the activity occurred.

Guidelines

  1. NDIT-EduTech will respond to all subpoenas delivered by law enforcement.
  2. NDIT-EduTech will respond to administrator requests for information under the following circumstances:
    1. A written request, on school letterhead, is received from a school administrator (or person of equivalent position) with responsibility for the user/computer in question. When a request involves electronic activities of a chief administrator, requests from the school board president will be considered.
    2. The request contains the following:
      1. Description of the policy/law suspected of being violated
      2. The facts and data causing an inference that inappropriate activity took place.
      3. Specific dates and times the activity occurred
      4. IP addresses in use when performing the activity (if necessary)
    3. The request must be signed by the administrator or school board president and mailed or electronically delivered to the NDIT-EduTech Help Desk Manager
  3. All information delivered to the administrator or school board president becomes the property of the school district or organization and is to be secured by them.
  4. If NDIT-EduTech and the school administrator or school board president disagree on whether a reasonable cause exists, the decision may be appealed to the Request Review Committee (RRC), consisting of three members of the ND Educational Technology Council and an NDIT-EduTech staff member (non-voting). The decision of the RRC is final.
  5. NDIT-EduTech logs all requests for information including the school/organization and administrator name, date(s) and the information delivered.