ITR008 – Equipment Lifecycle

PurposeThis Information Technology Rule describes the lifecycle for and processes required for procurement, maintenance, and disposal of network attached devices. Proper handling of procurement, implementation, maintenance, and disposal of equipment is essential to protecting the data and interests of Lincoln Public Schools.

Network Attached Devices

The term network attached devices is defined to include all equipment owned and/or operated by Lincoln Public Schools connected wired or wirelessly to Lincoln Public Schools networks. This includes, but is not limited to, student or staff laptops, iPads, desktop computers, AppleTV, or any device that may fall into the “Internet of Things (IoT)” category.

Procurement

The Computing Services Buying Guide contains an exclusive list of network attached devices that are pre-authorized and are known to be configurable and supportable by Lincoln Public Schools. All such devices must be purchased through the Computing Services requisition process. All network attached devices not listed on the buying guide must be approved by Computing Services prior to purchase.

Implementation

New network attached devices must be updated with all available security patches from the vendor prior to use for their intended purpose. All default passwords must be changed. Computing Services will also ensure that the device is added to the authorized network inventory. Network attached devices on the Computing Services Buying Guide are routinely pre-configured by authorized Computing Services technicians, specialists or engineers. New network attached devices approved for purchase are not automatically approved for connection to the network. A servicedesk request for network configuration assistance must be filed for any device that is not pre-configured. The network attached device may only be connected after an authorized Computing Services staff member has approved the configuration. Staff outside Computing Services may not independently configure network settings, with the exception of connection to other wireless networks outside of Lincoln Public Schools buildings (e.g. connecting an LPS assigned laptop to a home network).

Maintenance

Network attached devices must be kept up to date with available security patches in a timely fashion. Network attached devices with known unpatched security flaws may be subject to removal from Lincoln Public Schools networks. It is expressly prohibited to alter network settings without the guidance and consent of authorized Computing Services staff.

Some network attached devices, due to their nature, may use a single set of credentials for multiple users. Passwords on such devices must be changed on an annual basis.

Disposal

Computing Services must be notified of removal of network attached devices. A service desk request may be filed to request assistance with disposal of devices. This allows staff to disable network access and remove the device from inventory. All data belonging to Lincoln Public Schools including accounts and password information must be removed prior to relinquishing ownership of the device. If possible, the device should be reset to factory defaults and/or erased completely.

What does this mean to me?

LPS maintains a fleet of over 60,000 computing devices. The scale of this work, our responsibility as stewards of public funds, and our responsibility to maintain data security requires a detailed process for the purchase, use, maintenance and disposal of approved devices..

  • All devices must be purchased through an LPS requisition process.
  • Any devices not listed on the LPS buying guide must be pre-approved by Computing Services.
  • All devices are pre-configured by Computing Services to establish an inventory record and ensure security compliance. These settings should not be altered.
  • Computing services should be notified prior to disposal of any devices in order to review data removal and assess whether the device might be utilized elsewhere in the district.