SAU 19 uses a variety of tools and safeguards to help keep student and staff data secure.  Below is a breakdown of the principles used.

  1. Only collect the minimum data required.
    1. Data breaches are inevitable; not a month goes by where we don’t hear on the news about a cyber event resulting in a data breach.  The easiest way to prevent data from being compromised is not to collect or store it.  We only collect data that is necessary to meet the district’s statutory requirements for providing an education to students and meeting our state and federal reporting requirements.
  2. Only share the minimum amount of data with 3rd parties.
    1. Online tools can’t have a data breach if they don’t have any data.  We only provide the minimum amount of data to online systems.  For curriculum assets this consists of ONLY directory information, and whenever possible we use the "N/A" option.
  3. Ensure that all 3rd-party digital tools meet a minimum set of data security standards.
    1. NH Law RSA 189:66-V requires schools to verify that all software applications and online tools meet a minimum set of Cyber Security Standards.  The standards chosen were a subset of the NIST 800-171r1 guidelines for “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations”.  Each digital tool and software application is reviewed on a 3-year cycle to ensure compliance.  The complete list of these programs and the compliance documentation is available online.
  4. Enforce SSO (Single Sign On) and MFA (Multi Factor Authentication) whenever possible.
    1. The district utilizes Single Sign On whenever possible for online resources.  While this makes things easier for our end users, it also limits the number of times a user has to "log in".  Because users only log in on specific sites, it helps make phishing attempts more obvious.
    2. The district also requires any user who has access to sensitive data (either financial or Personally Identifiable Information) to have MFA applied to their account.  We also have additional protections in place for access outside of the USA.
  5. Monitor the web for data breaches that contain any sau19 accounts or email addresses.
    1. The district has a subscription to “Have I Been Pwned”.  This tool monitors the web for data breaches and notifies customers when organizational email accounts appear in data found in a public data breach.
    2. Should an email account appear in a data breach, we notify the impacted user(s).  Many times through this service we get notified of data breaches in platforms not utilized by the District because an individual used a school district email address when they registered with that platform.  (For example, we had several accounts impacted by the Hot Topic and Advance Auto Parts data breaches in 2024.)
  6. Test the security on all of our systems regularly.
    1. The district utilizes a variety of tools provided by CISA to review and assess our systems for cybersecurity vulnerabilities.  These assessments are conducted on a weekly / monthly / annual or bi-annual basis depending on the tool.
    2. The district has regular security audits provided by outside agencies to identify and mitigate any issues found.