On this page
Roles and responsibilities#
Kaimahi | teachers and staff play a key role in maintaining the integrity and security of the digital learning environment for your school or kura. It is important that staff clearly understand their responsibilities.
We recommend several key roles and responsibilities for your school, as a minimum.
Which staff members you assign to these roles depends on what works best for your school. 'Lead' responsibilities could be split across multiple people, such as the principal and an information technology (IT) lead teacher.
You can download a printable version of roles and responsibilities below.
Cyber security#
All staff are responsible for adhering to your school’s cyber security policies and acceptable use guidelines. They’re also responsible for keeping an eye out for suspicious activity and reporting it.
Cyber security matters should be led by the school administrator or IT lead. They are responsible for:
- overseeing the implementation of cyber security policies and procedures
- overseeing cyber training for staff
- promoting good cyber security practices across your school
- championing cyber safety measures such as strong passwords, acceptable use guidelines, and 2-factor authentication (2FA)
- making sure devices are up to date and patched.
Creating a Password Policy Guidance
SA2 – Acceptable Use Guidelines
IM1 – Detecting and responding to an incident
Cyber safety#
Cyber safety at your school should be led by your administrator or IT lead.
They are responsible for making sure that:
- your school has a process in place to respond to digital incidents
- cyber safety is incorporated into staff training.
All school staff are responsible for supporting cyber safety. Responsibilities include:
- familiarising themselves with cyber safety processes
- helping to respond to a cyber safety incident if required.
Privacy matters#
Your school must appoint at least 1 person as a privacy officer. This is required under the Privacy Act 2020.
Privacy Act 2020 – New Zealand Legislation
The privacy officer is responsible for:
- developing a process for responding to privacy breaches
- developing a privacy policy
- championing good privacy measures, such as protecting.
All school staff are responsible for protecting, handling and addressing any privacy matters.
Responsibilities include:
- using strong passwords and not sharing them
- storing files and documents in a secure place
- sharing information securely
- reporting any privacy concerns to your school's privacy officer
- following your school's privacy policies.
Incident management#
The school principal, or another staff member in a similar position, should lead any incident response.
They are responsible for:
- overseeing response efforts among all involved
- communicating to staff, students, parents, whānau | families and caregivers about the incident and response actions
- leading the response to identify the cause and impact
- documenting incident and response actions for future reference and learning
- conducting a post-incident review.
They are also responsible for making sure the incident response plan is regularly tested.
Monitoring for alerts and managing your technical environment#
Your school's IT and security responsibilities can be assigned to your IT lead or IT service provider. It can also be split between them.
This area of responsibility includes:
- monitoring your Google or Microsoft alerts
- monitoring your antivirus alerts
- managing your configurations.
They are responsible for:
- making sure roles and responsibilities for security and IT are documented (if your school uses an IT provider)
- managing user access and enforcing 2FA
- configuring your Google and Microsoft accounts to align with school security guidelines.
- monitoring the implementation of N4L services at your school
- responding to requests and security alerts from N4L.
Network for Learning (N4L) provides several fully funded services to help protect staff and students online.
Whether or not you work with an IT provider, your school needs to assign someone (the IT lead) to work with N4L when they contact you to deal with an issue.
Internet safety and security services – Network for Learning (N4L)
Backup and recovery#
We recommend assigning someone to be primarily responsible for managing backups. This includes completing backups of your systems and testing the recoverability of the backups.
They could be your school's IT lead or IT provider.
They are responsible for:
- developing and implementing backup strategies
- selecting appropriate backup solutions that align with your school's needs
- scheduling, performing and testing the backups
- testing the Disaster Recovery Plan
- training and supporting staff with backup processes.
All staff at your school are responsible for knowing which data they need to back up on their own devices.