(Drafted March 2026. Pending Governing Board Approval)
Asset & Configuration Management Standard
1. Purpose
This standard establishes minimum expectations for identifying and managing Colearn Academy’s cloud-based systems and the credentials used to access them, and for applying baseline configurations that support secure and reliable operations. The School does not track individual devices or hardware.
2. Scope
This standard applies to key cloud‑hosted systems and applications used for instructional or administrative purposes and to the cloud credentials (accounts and access) used to access those systems. It does not apply to inventorying or tracking individual devices or hardware; the School tracks only cloud systems and credentials.
Operating context: Colearn Academy has no physical building and no school-owned hardware. Devices used for school purposes are owned by families or students. The School does not maintain a list of computers or other devices; it tracks only the cloud credentials used to access systems and user engagement with cloud services.
3. Asset Inventory
3.1
Colearn Academy will not maintain a list of computers or other devices used for school purposes. The School will maintain a list of actual hardware owned and controlled by the School (if any). The School tracks only cloud credentials used to access systems and user engagement with cloud services; there is no tracking of individual devices or hardware.
3.2
Colearn Academy will maintain an inventory or register of key cloud systems and services (for example, student information system, learning management system, communication and collaboration platforms, assessment platforms, and file storage services) and of the credentials and access methods used to reach them.
4. Authorized Systems and Access
4.1
Colearn Academy will identify authorized cloud systems and the credentials used to access them. The School does not define or track “authorized devices” or hardware; only cloud systems and account/credential access are in scope.
4.2
Where feasible, the School will take reasonable steps to limit the use of unauthorized credentials or access on school cloud systems and accounts (for example, through access controls, identity management, and acceptable-use expectations). No control or tracking of individual devices or hardware is required.
5. Baseline Configuration
5.1
The Information Security Lead, or a delegated technical role, will define baseline configuration expectations for key cloud systems and for the security of credentials used to access them (for example, authentication and access settings, role-based access, and security options offered by the platform). This standard does not require configuration or tracking of individual devices or hardware.
5.2
New cloud systems or accounts should be configured to align with baseline expectations before being placed into production use, when feasible.
6. Configuration Changes
6.1
Material configuration changes to critical cloud systems (for example, SIS, LMS, identity platform, or other key applications) should be documented in a simple change record (such as a ticket, log entry, or change register) that identifies the date, purpose, and responsible person.
7. Review
This standard will be reviewed at least annually and updated as needed to reflect changes in technology, risk, or best practices.