Give users only the access they need
Every user should have access based on responsibility. Teachers do not need fee configuration access, accountants do not need exam publishing access, and parents should only see records related to their own children.
Review accounts regularly
Schools should disable accounts for staff who have left, update roles when responsibilities change, and review administrator access at least once every term.
Protect exported data
Reports exported from an ERP can contain sensitive student or financial information. Exported files should be shared only with authorized people and removed from personal devices when no longer needed.
- Avoid sharing full student lists over public messaging groups.
- Limit exports to the fields actually required.
- Keep backups and exported reports in approved storage locations.
Train staff on privacy basics
Technology alone cannot protect data. Staff should know how to handle passwords, parent phone numbers, student records, fee details, and report cards responsibly.
