RosarioSIS includes student information and school administrative records. Hardening must focus on PII protection, role segregation, and strict report/export access.
1) Lock down user roles and school data access
- Restrict administrator and registrar-level rights.
- Review role permissions per school year/term.
- Disable unused modules and unused account types.
- Remove stale staff/student/parent accounts.
2) Protect SIS data and exports
- Restrict CSV/PDF export privileges.
- Encrypt backups containing demographic and attendance data.
- Apply strict database access controls and network isolation.
- Audit record edits for grades, attendance, and billing modules.
3) Harden web application and runtime
- Enforce HTTPS and secure session cookies.
- Restrict file upload types and size.
- Patch RosarioSIS, PHP, and DB components regularly.
- Add brute-force protections on login endpoints.
- RosarioSIS technical docs: https://www.rosariosis.org/technical-specifications/
- RosarioSIS source repository: https://github.com/francoisjacquet/rosariosis
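
An added example (not RosarioSIS code): a small Python audit for the session-cookie and upload-size items in step 3, run against the text of a php.ini. The expected values, the 10 MiB upload limit and the sample file are assumptions of this example; the directive names are standard PHP settings.

```python
import re

# Expected values are this example's assumptions: name -> (wanted, PHP built-in default)
BOOL_EXPECTED = {
    "session.cookie_secure": (True, "0"),     # cookie only sent over HTTPS
    "session.cookie_httponly": (True, "0"),   # not readable from JavaScript
    "session.use_strict_mode": (True, "0"),   # reject uninitialized session IDs
    "session.use_only_cookies": (True, "1"),  # no session IDs in URLs
}
MAX_UPLOAD_BYTES = 10 * 1024 * 1024           # assumed site limit: 10 MiB

# Constructed sample input, not taken from a real deployment.
SAMPLE_INI = """\
upload_max_filesize = 64M
session.cookie_httponly = 1   ; set
session.use_strict_mode = On
;session.cookie_secure = 1
"""

def parse_ini(text):  # {directive: value}; the last assignment wins, as in PHP
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments
        m = re.match(r"([\w.]+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip().strip("\"'")
    return settings

def as_bool(value):
    return value.lower() in ("1", "on", "true", "yes")

def to_bytes(value):  # PHP shorthand such as 8M or 1G -> bytes, None if malformed
    m = re.fullmatch(r"(\d+)\s*([KMG]?)", value.strip(), re.I)
    return int(m.group(1)) * 1024 ** " KMG".index(m.group(2).upper() or " ") if m else None

def audit(text):
    """Return a sorted list of findings for weak or missing settings."""
    ini, findings = parse_ini(text), []
    for name, (want, default) in BOOL_EXPECTED.items():
        if as_bool(ini.get(name, default)) != want:
            findings.append(f"{name} should be {'On' if want else 'Off'}")
    if ini.get("session.cookie_samesite", "").lower() not in ("lax", "strict"):
        findings.append("session.cookie_samesite should be Lax or Strict")
    size = to_bytes(ini.get("upload_max_filesize", "2M"))
    if size is None or size > MAX_UPLOAD_BYTES:
        findings.append("upload_max_filesize exceeds the site limit")
    return sorted(findings)

if __name__ == "__main__": print("\n".join(audit(SAMPLE_INI)))
```

A directive that is absent or commented out is evaluated at PHP's built-in default, so a missing `session.cookie_secure` is reported the same way as one set to Off.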