30 Sep 2021

WebSAMS Build Version Upgrade Release Note

(Applicable to CloudSAMS Schools)

WebSAMS Build Version Upgrade Package for version 3.0.0.30092021 will be automatically
installed in the Cloud Server on 14 October 2021, 14 calendar days after the build’s public
release on the WebSAMS Central Document Repository.
(URL: https://cdr.websams.edb.gov.hk/版本升級/網上校管系統/)

School staff can manually install the build earlier than the above schedule by:
1. Connect VPN and login WebSAMS by the SCHOOL_HEAD, CS_ADMIN or
CS_SUPP group user account.
2. Go to Security > Cloud Service Management > WebSAMS Management >
WebSAMS Upgrade.

If error occurs during build installation, WebSAMS will automatically rollback to the original
build. Please refer to the “Computer Operating Procedures Manual For School”.
(URL:
https://cdr.websams.edb.gov.hk/Files/PilotCloud/Reference/Computer%20Operating%20P
rocedures%20Manual%20For%20School.pdf)

Enhancement

ATT
 Add a new function of sending notification email to EDB Non-attendance Cases Team
and “SCHOOL_HEAD” user group if any student is continuously absent for 8 days or
above.
HSE
 Add search function to facilitate users in searching code tables by "Type" and/or
"Category".
STU
 Update the validation of schools’ data submission for the Survey on Senior
Secondary Subject Information with regard to the core subject “Citizenship and
 Social Development” (in lieu of Liberal Studies starting at S4 in the 2021/22 school
year).

Application User Manual

 ATT – Both Chinese and English versions are updated.
 HSE – Both Chinese and English versions are updated.

The following problems reported have been resolved:

1. APL
 Align ineligibility checking on [S-APL08-01] Applied Learning > Student Departure
with R-APL001.
2. ASR
 Fix the problem of showing blank page after promotion in [S-ASR39-01] Assessment
> Promotion > By Each Student when a new student is enrolled in the next school
year.
 Fix the function of “printing in report” to generate the report R-ASR056C/E for
departed students.
3. CDS
 Fix the problem of displaying the submission time of Change School Key.
4. FMP
 Fix the problem of showing incorrect accounting month range in report R-FBK034C/E.
5. HKA
 Fix export/import function of using class code instead of class name in HKAT > Score
Maintenance.
6. SEC
 Revise validation rules so that student and parent account names are case
insensitive.
 Fix the problem of assigning account to user group when appointment of the staff
with future start date.
 Amend R-SEC007C/E and R-SEC007aC/E to support printing with multiple modules.
7. STU
 Fix photo upload problem at Student > Photo Upload.
 Fix report download problem of R-STU043.

The following reports have been added / updated:

Module Report Name Change Detail
ASR R-ASR056-C.rpt Revised in log
R-ASR056-E.rpt
 FBK R-FBK034-C.rpt Revised in log
R-FBK034-E.rpt
SEC R-SEC007a-C.rpt Revised in log
R-SEC007a-E.rpt
R-SEC007-C.rpt
R-SEC007-E.rpt

Tips on safeguarding the security of WebSAMS

In order to safeguard the system security, schools are highly recommended conducting the
following important security risk assessment regularly.

1) Perform scheduled virus scan and update anti-virus software regularly on WebSAMS
server and workstations at school campus;
2) Check Unsuccessful Login Log to monitor system (WebSAMS on cloud & Windows
operating system of server at school campus) usage on a daily basis; and
3) Monitor and block abnormal network traffic (please consult your network vendor if
necessary).

For more details, please refer to WebSAMS Security Guide and Recommended Practice at
the WebSAMS Central Document Repository.

Should you have any enquiry or support request of the functions in WebSAMS, please
contact WebSAMS support at 3125 8510, fax 3125 8999 or email to
websams_support@hk.ncs-i.com. For enquiry on the cloud platform, please contact the
corresponding Cloud Helpdesk.
(URL: https://cdr.websams.edb.gov.hk/聯絡我們/ )

Gentle Reminder to WebSAMS Users

With an aim to safeguarding the security of WebSAMS, schools are recommended to
follow the guidelines of “Information Security in Schools – Recommended Practice” at
the location of:
https://www.edb.gov.hk/en/edu-system/primary-secondary/applicable-to-primary-
secondary/it-in-edu/information-security/information-security-in-school.html

Every item included in the IT Security in Schools – Recommended Practice (ITSS) is

applicable to WebSAMS and essential for the establishment and maintenance of the
IT Security Policy defined by every school.
The Cloud Contractor will regularly update the Windows OS on the Cloud Server.
However, schools should install the Important Windows Updates (excluding the
“Service Pack” and “Major Version Upgrade”) of Microsoft Windows Server 2012 R2
and antivirus updates timely on the WebSAMS server at school campus for
contingency measures. Please refer to the “Doc 31 – WebSAMS Computer Operation
Procedures Manual for School” and “Cloud WebSAMS Disaster Recovery Guide” at the
following locations for details:
https://cdr.websams.edb.gov.hk/Files/Sys_sec/Sys_operation/COPM(SCH%20WebSAMS3
.0)_MN_v1.6.zip
https://cdr.websams.edb.gov.hk/Files/PilotCloud/Reference/Cloud%20WebSAMS%2
0Disaster%20Recovery%20Guide%20(for%20School)%20v%203.0.pdf

In particular to the areas of password management and incident handling procedures,

the followings are highlighted in order to assist schools to review their definition and
enforcement:
a) All WebSAMS users are required to have their own identities, or user
accounts, in order to access the system. Passwords should not be shared or
divulged unless necessary. The risk of sharing passwords is that it would
increase the probability of security being compromised. If individual user
account is used and no password is shared, user activities on the system can
thus be traceable and accountable to the corresponding person. Schools
should also review their own IT security policy or practice to avoid password
sharing of the WebSAMS user accounts.
b) Schools should well define their own Security Incident Handling Procedures
for IT Systems including WebSAMS and notify the right people timely
accordingly.

In order to ensure system and data security, schools are also recommended to refer
to the “WebSAMS Security Guide and Recommended Practice”
(https://cdr.websams.edb.gov.hk/Files/Sys_sec/Security/security.pdf), visit the
WebSAMS Central Document Repository (Designated Page for Cloud Platform)
(https://cdr.websams.edb.gov.hk/pilotcloud/) regularly to check for latest release of
the corresponding guidelines and pay attention to the relevant information
announced by the EDB, and conduct checking of WebSAMS system security settings
of the WebSAMS server and workstations at school campus on a regular basis as well
as a need basis by making good use of System Security Setting Checklist for WebSAMS.
For details, please refer to the “System Security Setting Checklist for WebSAMS” at
the following locations:
https://cdr.websams.edb.gov.hk/Files/Sys_sec/Security/System%20Security%20Set
ting%20Checklist%20for%20WebSAMS%20(in%20English%20version%20only).pdf
Last but not least, WebSAMS users are recommended to regularly visit the
Information Security website of HKSAR (https://www.infosec.gov.hk) for updated
information of IT security.