Category Archives: IT Management

The changing face of Data

Change never stops. There is always something else. Kyu Shin Do. Kaizen.

The latest thing I have a chance to work on, is to support schools as they get to grips with the changes that GDPR brings. But isn’t this another piece of red tape that will be a burden to schools? Well, yes, there are additional things schools will be obliged to do, but many things they should be doing already, if they are taking data protection and information handling seriously in the first place.

About 10 years ago I was sat on a working group for Becta, looking at Information Handling and Data Protection, and a lot of the advice was pretty full of common sense and those schools that picked it up, updated practices as further advice from the ICO was released and generally kept abreast of changes … well, for them the changes brought in by GDPR are an evolution, not a revolution … and this is important to remember.

Some improvements in processes; ensuring that you discuss with data processors about what they are doing with the data the school, as data controller, lets them process; having someone to have that oversight as Data Protection Officer; and so on … but these are all manageable with the right tools.

However, some schools are not up to speed. Some schools have only seen the scare headlines in some of the more sensationalist press (I won’t even link to them, they are that annoying and wrong). Some schools are being promised silver bullet solutions or are being told it will cost extortionate amounts of money to get the right experts in. In short, for some it is the Wild West.

It doesn’t need to be. There is good advice out there. There are people working to right the wrongs caused by these myths. The ICO has even started a series of blog posts around debunking these myths.

GDPR in Schools have already started to help schools understand their position and what they need to consider. They have developed a tool to help schools manage and record what data they handle, who and how it is processed and, possibly most importantly, why they are processing it. And this approach, to help schools fulfil a legal obligation in as simple a manner as possible, is one of the reasons why I am happy to announce I have joined GDPR in Schools as their Operations Manager.

Over the coming weeks we will discuss more around obligations, some of the legalities, some of the myths and how we need to make sure the dog is wagging the tail and not the other way around. We will continue discussions on EduGeek.net’s Data Protection & Information Handling sub-forum, join in discussions on LinkedIn and Twitter (#GDPRubbish can be an amusing yet illuminating hashtag to follow), and continue to publish advice through our blogs.

If you have any questions, please don’t hesitate to ask. Some questions can’t even be answered by DfE or ICO yet, but we will be there, on your behalf, asking the questions and pressing for answers.

DIGITAL PARENTING – TEACHING CHILDREN ABOUT TECHNOLOGY AND THE RISKS

(originally posted for Mobile Guardian)

We always welcome working with schools on eSafety, especially when it comes with supporting agencies and schools in their delivery of Get Safe Online. That is one reason why Tony Sheppard, our new Technology Manager, took a trip to Chesterfield last week as Chesterfield Safer Neighbourhood Team were invited into one of the local Junior Schools.

Supporting the Get Safe Online programme is an important part in our role of providing tools to support technology in schools and ensure the same ethos of classroom management can be applied with or without mobile devices and stop technology being a barrier to learning by giving ownership and control to teachers where appropriate.”

It is not just about turning technology off or blocking inappropriate content, but also about helping schools, parents and children make appropriate decisions in the all-encompassing digital environment.

Whilst the Safer Neighbourhood Team covered the stats and facts, the laws and the wherefores, Tony talked about the difficult task parents face with connecting with their children about technology and the risks.

“When we talk about Digital Parenting, we are really just talking about Parenting. We have to remember that magic triangle for Parental Engagement.”

Parental Engagement Triangle

(Becta: Exploiting ICT for Parental Engagement, May 2008).

“For most parents the important area is dialogue between them and their children. When we think about where we get advice about parenting, in general, we have a large number of options for us. School, family, friends, local services (such as the library or community services), online … and from our children themselves. Remembering that Monday was World Mental Health Day, it is important to remember that listening is an important part of parenting.”

Childnet has produced a number of suggestions for conversation starters with children

  • Ask your children to tell you about the sites they like to visit and what they enjoy doing online.
  • Ask them about how they stay safe online. What tips do they have for you, and where did they learn them? What is OK and not OK to share?
  • Ask them if they know where to go for help, where to find the safety advice, privacy settings and how to report or block on the services they use.
  • Encourage them to help. Perhaps they can show you how to do something better online or they might have a friend who would benefit from their help and support.
  • Think about how you use the internet as a family. What could you do to get more out of the internet together and further enjoy your lives online?

Childnet also provides an example of a Family Agreement that can be used to support the appropriate use of technology.

There are many scenarios around family use of technology, and we can look at these over the coming weeks, partly because there is often direct correlation between the struggles parents and their children have and the struggles with classroom management.

  • The Nag Factor
  • The Unexpected Gift
  • Always Switched On
  • Don’t Ever Switch It Off
  • Compromising Photo
  • But Just How Much Are You Costing Me?
  • The Packet Of Crisps

Once you have thought about what you want to do with technology, and how it is going to be used, only then do you think about what technical controls you need to put in place and who provides them.

The latest edition of Vodafone’s Digital Parenting magazine also provides a wide range of advice and information and the magazine is freely available to all schools.

With parents, they need to think about their Internet Service Provider, Mobile Provider, home networks (controls on the router for WiFi passwords, timed access, etc.), built-in tools (advice from Microsoft, Apple, etc.) and Commercial tools (covering timed access and location controls, web filtering, control which applications can be used, control installation / deletion / in-app purchases).

The same questions can be asked within schools and it is always best to be proactive about making sure the tools you choose match how you manage your classrooms and manage the learning.

At Mobile Guardian we provide a home MDM and parental dashboard, as standard, to all parents at school utilising our technology. That way parents can manage school and home owned devices – for free!

To find out more, ask your school about Mobile Guardian and follow us on Twitter to keep up to date with all our safeguarding tips.

Do we *REALLY* know how much is spent on IT?

A tweet was posted by @MSETCHELL yesterday (mattianuk on EduGeek) about being asked to work out the cost of the entire network.

This didn’t strike me as a strange request to be honest. It just seemed to be a standard pain-in-the-backside, paper-generating, unread-report-producing exercise … probably needed because of some arcane bid proposal which schools sometimes get involved in to try to squeeze money out of any available pot or group. It is worth saying the businesses do the same thing when applying for EU funds, regeneration funding, moving locations, etc … so it happens all over the place.

I replied that

I thought that would be fairly easy to generate? Have asset library with original costs, calculate depreciation, etc

But Matt said he had a full inventory but not purchase costs.

It struck me about this being another example of where silos exist in schools, this time between departments of support / admin staff rather than between curriculum departments.

It also made me wonder what do people record in their asset library? How do them maintain it? Who is the ultimate owner?

At Learning Possibilities, we work based on ISO27001 : 2013 (part of our standard of working for a variety of contracts, as well as best practice) and knowing your assets is vital, whether they are physical, intangible or information assets. Whilst the standard is over the top for most schools it does clearly align with standards such as the Framework for ICT Technical Support (A school friendly Service Management IT Management regime based on ITIL v2 and v3, with elements of other good practices from areas such as PRINCE2 and LEAN).

An asset library should not just be about the make, model, serial number and location of a physical piece of kit; it should include other relevant information too. When you install a network in a school you spend a certain amount on cabling … this is also an asset that is often missed. Is the cabling infrastructure in your school suitable for the next 5 years? Are you expected to go Gig to the desktop? PoE?

I’ll be posting a thread on EduGeek to discuss this in more detail about what could and should be recorded but I thought I would set out the basic principles here.

  1. All assets have an initial value (on purchase), a replacement value (how it would cost to replace it based on whether you do like for like replacement or old for new) and a depreciated value (how much they are worth now with their value going down due to an agreed method … and there are a variety of methods).
  2. All assets have a set period of useful life. This might be set out when you purchase the device and be based on a variety of factors. Usually these will be the warranty and support periods for the product, how frequently it receives updates, an estimate on how long you think the functionality will fit your needs and so on.
  3. All assets should be associated with a purchase order, when a direct purchase was made.
  4. All assets should have an ‘owner’. This is the person who is responsible for them to the institute and not necessarily the person who manages them on a day to day basis. An example would be the MIS hold information about timetabling, personnel, students, etc but the SIRO is ultimately responsible. In the same way the iMacs being used in Music are ‘owned’ by the Network Manager, not the Head of Music.
  5. Assets have to be written off at some point in their life. This can only be done by an authorised member of staff.

There are probably more I could add, but this is a starting point for most people.

Some of the above information might be able to be held in the software you use for asset management. Some might already be held in other systems, such as the finance systems.

It will be up to each school whether there is any replication / duplication of the information held … and who updates the relevant asset libraries too.

From the above this should be enough so that the Head and BM can easily see what the value of the network is (in financial terms) and what the total direction is over a period of time, see what is about to be at end of supported life and what they need to replace like for like (in general terms).

Not only does this allow for SLT to plan, it helps them decide on whether maintaining a status quo with regards to IT is affordable or whether changes need to be considered on financial grounds. Changes on curriculum, or leadership grounds are a separate discussion, and that has a slightly different set of criteria and measurement.

There are plenty of ways you can check whether others you work with, as partners or suppliers, are following similar models … a basic tool for IT management. For us it is our work on ISO27001: 2013, but for others it could be ITIL v3 certification of staff, FITS certification,  ISO/EIC 20000 certification. At Learning Possibilities we ask it of some of our partners and are happily reassured.

Have a chat with your own school to see who manages what areas of assets, how the Facilities Management team monitor and write things off, how the Business Manager controls what is put down as needing covering for insurance? See what standards they look at when working with others?

 

There’s many a slip twixt the cup and the lip

“You can please some of the people all of the time, you can please all of the people some of the time, but you can’t please all of the people all of the time”.”
― John Lydgate

BETT always provides something to talk about and this year has been know different. Whether it is announcing to 500 people at a TeachMeet that you and your wife are having a baby (and using Skitch on the scan!) through to the content of some of the seminars on stands.

One of the final sessions today was on the Google stand by Dan Leighton, Director of Technology at The Grammar School in Leeds, where he was basically covering about change in tech in Education. His slide deck is available here.

And a quick note for reference, the Google stand was directly opposite the EduGeek stand (sponsored by Smoothwall).

And why is that important? Well, as someone with 11 years leading EdTech in schools, Dan covered a number of things but the one picked out by friend at EduGeek was that he put out significant challenge that there are Network Managers who resist and block change, who say things don’t work when they can do and who even do things in a certain way to protect their jobs.

Ouch.

As an advocate for the professional identity of IT Support in schools several members shared the situation with me and I dutifully queried it via Twitter, challenging Google on the stance (as this is linked, to some extant, to the classroom in the cloud).

Google came back and said it was not their stance, apologised and then Twitter conversation sparked up around it.

Context is king here, and after discussing in Twitter it was clear that it was not the challenge about resistance to change but the fact that it appeared a swipe was taken at the whole profession.

The problem is… well… we *all* know the people described above. We have even done it ourselves at times.

Change is a difficult thing and to have someone not in our profession have a go at us for blocking it, well it won’t go down well.

However, there are always two sides. As a friend put it, a different lens. I caught up with Dan on Twitter and then via the phone and it is clear that the intended challenge was not aimed at all and sundry, that he has high regard for technical staff (having work in data centres in product design) and that the large barriers are communication and understanding the other person’s perspective.

An apology on Twitter from Dan, and clarifying that he truly does see a good Network Manager as an amazing resource.

But in conversation with EduGeek friends it has become clear that a wider explanation is needed.

Having not seen the presentation or been in the Q&A I am having to sit on the fence between EduGeek and Dan.

Looking at the points complained about, that all NMs were tarred with the same brush of being blockers, that NMs lie about things not working and that NM resist change to protect their jobs … Dan and I discussed these in refreshing openness.

It was never Dan’s intent to tar everyone with the same brush, to upset or insult. Yes, the issue needed highlighting and if listeners thought it was covering everyone that was not the intent. Apologies have been offered and hopefully accepted.

The challenge that some Network Managers say things don’t work when they do? Yes, that is the case. I’ve done it and have seen plenty others do it. The context though is that this is short hand for, “what you are asking for is Techinical feasible but has significant issues… from the resources (people) taken to set it up, the disruption to all other users, the cost, the reduction in functionality compared to what is already in place, it is not part of the 5 year IT development and maintenance plan…” and so on.

Without people effectively communicating, both sharing information and listening in an open manner, all people will hear is, “computer says no!” Moving to cloud services is not a simple change but that doesn’t mean it should not be looked at by all staff, evaluated and an appropriate decision made. If it is against the recommendations of the IT team and they still resist or refuse then that is a personnel issue, not technology.

Mordac, preventer of IT services was used to demonstrate this (from the Dilbert comic strip) and whilst that may be seen as harsh, most of us would have been viewed as that by others … either because we have not communicated or the others have not listened.

That some NMs resist change to protect their jobs? This is an extremely valid point and this is not something unique to IT in schools. What is sometimes not understood is that the job description any IT staff have is poor. That there is an expectation to know everything about everything with a plug. If you have an established skill set based on what you do in the school, and you are paid accordingly.

Change that skill set, change what you do and your job changes. It is like asking a head of English who also coordinates literacy to become a main scale History teacher because literacy is now part of the Humanities focus. This has become evident through BSF managed services and the push of Single Status. In some places these have reduced experienced and highly skilled Network Managers to the equivalent position of a science technician or HLTA. Their sort of change all depends only the Senior Leadership of the school, and those who value their staff will promote the flexibility of technology change but the security of job and terms. This is not to say schools might not get rid people as tools change. In the same way the ICT curriculum changed and some teachers moved on or subjects no longer get taught, the same will happen for IT teams.

It is not unexpected that some, who have seen others damaged due to school choices, might be resistant and seek security. This is a personnel thing again.

The only way all the works together is by having Network Managers recognised for the expertise and professionalism they bring, Teaches recognised for the expertise and professionalism they bring, effective communication between all concerned and an understanding of how to manage change.

Dan’s presentation and challenge might have pressed some of the wrong buttons for some, but the follow up conversation should show how the challenge is needed for some, should be the norm for others and that no insult needs to be taken on either side if there is concern about the stance of either side.

Cloud Storage – update

This is still an ongoing discussion in several places and occasionally I get a prod to look at something and respond. In this case it was a thread on EduGeek (again) and so I responded.

Below is a version of what I posted (with typos / language corrections)

When considering the use of cloud storage there are a number of areas to consider. 

  1. Under the Data Protection Act the most relevant of the 8 principles is principle 7.

    Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

    In previous years the ICO has talked about reasonable steps, but they now make it clearer that it is ‘appropriate’ measures, and consideration of this has to be based on the type of data being stored / processes and the likely impact / damage should it be compromised.

    Translation? Before you decide where you can store things you have to consider what you are storing.

  2. When looking at cloud based storage you need to complete a risk assessment of what is being stored, where it is being stored (location of actually servers, company history, T&Cs, etc), what measures are being taken (technical and organisational) to protect it and what are the alternatives?In the past there has been lengthy discussion about the suitability of certain services. Google Apps, Microsoft’s Office365, Dropbox and so on. The principles above stay the same. The ICO talks about data being processed outside of the EEA, companies that have signed up the Safe Harbor agreement between US and EU, advice on cloud computing in general and so on. The important differences between private cloud, community cloud and public cloud (and the resulting hybrid model that is possible with some use of all 3) should be considered here.Translation? Putting things in the cloud is fine, but you have to plan what you are doing and take care to make sure about the partner / service you are working with.

Previous conversations about the use of dropbox can be summarised in the following points

  • Do we know where the data is? Yes, we now know they use Amazon storage based in the US.
  • If the Data is outside of EEA can we still use them? DropBox have now signed Safe Harbor so there is nothing there stopping you anymore.
  • Is it safe? Yes, for a given value of ‘safe’ … the data when stored it is not so much how the data is transferred, or how it is stored when it gets there … more a case of how is access controlled. This takes us back to the ‘appropriate technical and organisational measures’ part of theDPA.

Now let’s look at what considerations should be taken for *any* cloud based service. This is not a definitive check list, but it is a darned good place to start from chatting with most folk.

  • Check where and how the data is stored.
  • Consider if it is within EEA or in US and with Safe Harbor signed. If it is with a US company who has signed Safe Harbor but there is no guarantee the data is held in EEA or US then you have to consider the locations where it is stored and the impact any local laws there may have (e.g is it stored in Australia, Brazil, Thailand, etc and do any local laws mean data could be seized differently to if UK / EU / US laws were applied?) and how this affects you.
  • What are the guarantees around the company? Anyone can set up a service but do you trust the company? Have they passed any security audits? If they are a specific education company do you need to consider DRS checks?
  • Now the data is stored outside of the school what are the restrictions on access / processing? Technical? Organisational? What are your audit trails for this?

Bringing it back to DropBox again … the main concern here is how the data is accessed and cached on local drives. Is the account a ‘personal’ account that is being used? What guarantee that you can control the data should that personal account no longer have the right to access the data?

  • Scenario 1 – HoD needs data to be shared with teachers in her department. She has a DropBox account, as do others. She uploads a coursework logging spreadsheet into a shared folder and others access / complete it. A member of staff leaves so that access needs to be removed. Who removes it? As the service used is personal then it has to be the HoD? Is she aware of this?
  • Scenario 2 – HoD needs data to be shared with HoDs for other departments to target intervention children. The spreadsheet will contain reasons for intervention, including details of personal circumstances (which can include Sensitive, Personal Data). A member of staff is suspended due to allegations … how is that data then secured? The school has no oversight of the methods used to share the data and is reliant on all staff taking ownership of controlling data. The audit trail for this is horrendous!
  • Scenario 3 – The same data is being shared between HoDs. One HoD installs the client on their home computer which is used by all family members. At this point the school has not control over how the data is controlled. Guidance is needed to be provided (using organisational measures rather than technical measures) but again, the audit trail on this is horrendous.
  • Scenarion 4 – The same data is being shared between HoDs. One HoD installs the client on a personal mobile device. The device is then stolen. Is this a data breach? How was the device encrypted? Can it be remotely wiped?

The above scenarios would make most people shy away from using *any* cloud service … but actually, the ways of dealing and mitigating the risk is pretty much the same as if you are using school hosted services.

  1. Make sure that your AUP for staff covers the use of cloud services and the personal responsibility that each member of staff has to ensure that they only share data by controllable means. The school needs to assess whether their staff have a good understanding of Data Protection and Information Management, and then they can chose appropriate training as well.
  2. Make sure staff understand what levels of data are being processed. DPA talks about two levels, Personal Data and Sensitive Personal Data. Becta also worked on the use of Business Impact Levels and the UK Govt still gives advice around this too. CESG has the specific information if needed.
  3. When using email make staff understand what sort of data can be shared on that service. Good practice is to store the data in a controlled location and email the link to it, rather than emailing the file around. This is also good practice for managing mailbox size too. win-win!
  4. Where cloud storage and email are accessed on a device then make sure it is encrypted, secure and wipeable. If desktops the physical security is taken into account, for laptops the device encryption, but for mobile devices (phone / tablets) there is a strong level of importance on device encryption, strong passphrase for access and the ability to remotely wipe. It might be that tablet devices need to have 3G access purely to allow them to be remotely wiped. The company position on how this is dealt with on personal devices (and the audit trail for verification too).

So, back to the question. Can you use DropBox?
Yes … but make sure you consider the above 4 points, factor in the cost (both technical and organisational) for implementing it (and yes, that includes training, checking staff personal devices, etc), the politics involved (not usually dealt with by NMs but by SLT …) and the timescales involved.

Make sure that SLT know and understand that this is to do with the application of a Law within the school … and that you are not being negative or trying to stop people doing things …

Look at alternatives. Remote access to school systems so that the data never leaves your walled garden are very good but can get very expensive.

Instead of using personal tool have a look at verified cloud based services. Some have not licence costs (O365) but you then get limitations on it being a free service, shared with others … and you have to factor in school staff time on it, and other have a cost but you then know that the service is backed up by SLAs, etc (declaration of interest … I do work for such a cloud-based service!).

I hope this covers off most of the areas you needed to look at, answered some of the questions that might arise within the school too.

The Importance of School Domains

With the every changing world of technology and education we all understand that nothing stands still. With more and more schools becoming Academies, buying a variety of services from a plethora of providers and having direct control of the funds to buy these, schools are generally more discerning about their presence on the World Wide Web.

This change of stance can result in websites which engage with parents and learners, improved communication systems and better marketing with the local community.

One of the frequent changes you see is around the choice of domain name a school will use. Traditionally, schools would use a domain based on their name, the geographical Local Authority they are in (but not always part of) and a tail of .sch.uk to identify them as a UK School, eg blogs-pri.dookland.sch.uk.  This domain is allocated to them by Nominet, is linked to the DfE number of the school and belongs to the school.

Sometimes you will hear that the domain belongs to the Council / LA and this is not altogether true. The domain belongs to the school, but might be controlled by the LA as part of delivery of services (eg over an RBC) or has previously been managed by the LA on behalf of the school, via the LA tech support team. Schools can ask for the domain to be transferred to a Registrar of their choice and can have someone manage the associated DNS.

Some schools chose not to use their .sch.uk domain. This could be because of the above myth meant they registered a new domain when leaving an LA service, they might not like the long URL or email addresses it can give, it can be down to a marketing / PR choice or it might simply be personal preference of a member of Senior Leadership / technical staff.

There are a few important things to remember about your choice of domain though. Firstly, the ends of domains, that is to say the generic Top Level Domains (gTLD) such as .com, .net, or country specific / country-code TLDs (ccTLD) such as .co.uk and .org.uk, have a specific purpose and identify the type of business or organisation you are. These domains are register for a period of time and have to be re-registered on a regular basis. They are open to dispute by other groups of the same name and you can even find conflicting domains ([schoolname].com and [schoolname].org) being used by different schools, or even by commercial or charitable organisations with a better claim to the domain than the school.

Some companies and organisations will try to capture all related domains so that this problem is dealt with, but schools often forget that they have the .sch.uk domain which they have left fallen by the wayside.

Your .sch.uk does not lapse, it is free, it can only be controlled by your school, it cannot be grabbed by a former student with an axe to grind and it doesn’t have to be your principle domain.

At the moment I recommend schools, which are choosing a different domain as their principle domain, to keep hold of their .sch.uk domain. If you are swapping email services then this extra domain can usually sit in the background so emails to the old addresses still reach their original recipients. Websites can have a CNAME record to redirect your .sch.uk domain to your preferred domain.

Generally, there is no excuse for not keeping the old domain other than wanting to have a ‘clean break’, or you make use of services which do not allow for other options. If this is the case then you need to consider the impact of lost emails, irregular communications which might get missed, etc.

A few hours of work now can save you days of trouble later on. Go on, be proud to let people know you are still a school … that is what .sch.uk is there for after all.

Internet Safety Talking Point 2

This is my latest blog post based on Scott McLeod’s 26 Internet Safety Talking Points.

Over the next few weeks I am looking at each point to tease apart the ideals behind them, to try to see both sides of the discussion and to share examples about who others have work on the issues. A lot of this will be from a UK-centric position but hopefully it will provide some insight into the similarities and differences with our friends in other countries.

Today’s point is about Decision Making

The technology function of your school organization exists to serve the educational function, not the other way around. Corollary: your technology coordinator works for you, not vice versa.

To use technology you should have a reason, understand what you want it to do and also understand how you can measure whether it is achieving it or not.

Oh dear … this sound like we are going to talk about planning again.

In the past a number of choices about technology have been a little chicken and egg with what has been used. There have been pilot projects or innovative schools who have gone out and done something interesting with new or emerging technology. The technology has inspired them to try something new and when it has worked you then find research to look into it on a wider scale. This is where folk like Becta came in … as well as groups such as the Association of Learning Technology, NAACE, Besa and so on. They took the research to the next level, either as partnerships with schools, those doing the research, with suppliers or as the controller of funds (or any combination) … resulting in ring-fenced funds to allow schools and LAs to implement a given technology.

So the idea that the technology should be based on your choice has not always been the way it should have been, but it was usually instigated based on good practice and research. How will it was implemented is then debatable and how much that removed control and decision making from individual schools is another point some will raise.

But where does the technology coordinator (NM, ICT Coordinator, LA Technology Manager) sit in this? To some extent they might have chosen the specific technology based on available funds, with a certain set of features, but the pedagogy behind it all should be pretty agnostic and be able to use whatever is provided. An IWB is an IWB … and whilst specific software might have benefits over other solutions the idea of it being used by learners is common … it is just the method which might change. The arguing point against this is around wireless tablets connected to projectors (removing the requirement for the learner to come to the front of the class … an important feature in some schools with learners who do not engage when in front of their peers) or the ‘add-on’ tools such as voting systems (actually a separate technology in their own right but can work well with IWBs).

The other arguing point around this is about policies and strategies. I hate to say it but there is a little thing called the law. In fact it is the Law. It deserves the capitalisation. And this varies across the world. There are many things which educationally would seem to be perfect decisions but are then put on hold or stopped because the NM / Tech coord / etc says no. This is not done lightly, nor is it done without consideration for what benefits will be lost and it is usually done with some attempt at compromise. Areas where there will be clashes ranging from safeguarding, copyright and intellectual property, data protection and information management, funding and classroom management. A good NM will educate you about these (if you are not up to speed) and will work with you to get the most out of tech … but they are frequently the gatekeeper as to what tech you can use because they have the knowledge about the bits which will cause problems. In the same way you have people to tell you not to try blowing up the science lab (in spite of how much fun it was when we were at school to see people do experiments that blackened the ceiling), or have people who tell you not to use certain classrooms due to them falling down … you have people who will say not to use certain technologies in certain ways. I’ll discuss the legal side of this in a later post … but just try to believe that a good NM is talking these into account and advising Senior Leaders, classroom teachers, office staff, parents, learners, local community and the random people who ring up the school because of things you post on the internet.

Yes, the Technology Coordinator works for you, but part of that job is choosing or helping to choose appropriate technology and keeping you safe. Don’t give them a job and then tell them they can’t do it!

On the other side, your NM should not keep things as a dark art and be the only person making choices. Any choices made should be clearly explained and, as per the last blog post, show where they are held accountable. Likewise the choice of technology should not force you down a particular educational route, but it can be an inspiration for doing something different. Be aware of the differences and look at the early adopters to see what they did and what worked / failed.

Internet Safety Talking Point 1

In my last blog post I republished Scott McLeod’s 26 Internet Safety Talking Points.

Over the next few weeks I am looking at each point to tease apart the ideals behind them, to try to see both sides of the discussion and to share examples about who others have work on the issues. A lot of this will be from a UK-centric position but hopefully it will provide some insight into the similarities and differences with our friends in other countries.

Today’s point is about responsibility and accountability.

Even though they may use fancy terms and know more than you do about their domain, you never would allow your business manager or special education coordinator to operate without oversight. So stop doing so with your technology coordinator.

This raises an important point. With great power comes great responsibility, and there is a group in schools who have a lot of power. Whatever you might think of your Network Manager or Technician, of your LA Support Manager or even the Academy Technical Director (I will generically use the term NM to cover these and similar positions), how they have gained power / ownership / responsibility / control will be so varied it would take several posts to pinpoint which applies to your case. We would also end up talking about stereotypes and pigeon-holing people.

In reality it is rarely for it to be one reason as to why a single person might be making major decisions which affect a wide range of people, and it would be wrong to always assume malice, arrogance, superiority complexes on their part. It would also be wrong to assume the ignorance of senior managers in schools, apathy of staff, poor funding and poor communication. However, I am sure all of the above would sound familiar to many.

Instead, let us look at the idea of responsibility and accountability.

Yes, the NM is likely to be the expert in the field as to what technology can work, how it can work, how to support it and so on, but the requirements which set out what technology is needed should not be set out by a single person, but by a group of stakeholders working out what is best for the school (or schools if part of a larger group). This involves planning, communication, compromises, compliance (with laws, local and school policies, etc) and it will require targets / outcomes. This is where the oversight and accountability comes in … and it doesn’t just apply to the NM. It is needed … and should be in place.

And this is where we hit a number of problems.

Firstly you might be in a school where there is no communication, planning, team-working, etc and so someone has to effectively be a visionary, trying to guess what is needed or to lead on the choice of technology, almost in a single-minded way as nothing would happen without this. This can effectively place all the power and control with a single person with no oversight. This is not specifically their fault, and Scott’s point, in my eyes, appear to be a shout out to Senior Leaders in schools to wake up, stop relying on a single person and to make it more of a team effort … not a call to snatch back power from someone else.

Within the UK there is a standard for IT Support (based on industry standards) called FITS. This clearly sets out how the NM, Senior Leaders and other stakeholders can establish the targets, hold people accountable for delivering on projects / work and set out the standards by which systems will work, how changes will be decided and managed, how choices of technology can be made and how this can be measured against the desired impact.

To Block or Not to Block, that isn’t the question!

With kind permission I am reposting Scott McLeod‘s ‘Dangerously Irrelevant’ Blog Post about 26 Internet Safety Talking Points.

I hope to then follow this up by looking at each point (one a day perhaps) to strip it down and look at both sides of the point.

—————–

For Leadership Day 2012, I thought I would gather in one place many of the talking points that I use with principals and superintendents about Internet safety…

 

  1. Even though they may use fancy terms and know more than you do about their domain, you never would allow your business manager or special education coordinator to operate without oversight. So stop doing so with your technology coordinator.
  2. The technology function of your school organization exists to serve the educational function, not the other way around. Corollary: your technology coordinator works for you, not vice versa.
  3. Mobile phones, Facebook, Wikipedia, YouTube, blogs, Wikispaces, Google, and whatever other technologies you’re blocking are not inherently evil. Stop demonizing them and focus on people’s behavior, not the tools, particularly when it comes to making policy.
  4. You don’t need special policies for specific tools. Just check that the policies you have are inclusive of electronic communication channels and then enforce the policies you already have on bullying, cheating, sexual harassment, inappropriate communication, illicit behavior, etc.
  5. Why are you penalizing the 95% for the 5%? You don’t do this in other areas of discipline at school. Even though you know some students will use their voices or bodies inappropriately in school, you don’t ban everyone from speaking or moving. You know some students may show up drunk to the prom, yet you don’t cancel the prom because of a few rule breakers. Instead, you assume that most students will act appropriately most of the time and then you enforce reasonable expectations and policies for the occasional few that don’t. To use a historical analogy, it’s the difference between DUI-style policies and flat-out Prohibition (which, if you recall, failed miserably). Just as you don’t put entire schools on lockdown every time there’s a fight in the cafeteria, you need to stop penalizing entire student bodies because of statistically-infrequent, worst-case scenarios.
  6. You never can promise 100% safety. For instance, you never would promise a parent that her child would never, ever be in a fight at school. So quit trying to guarantee 100% safety when it comes to technology. Provide reasonable supervision, implement reasonable procedures and policies, and move on.
  7. The ‘online predators will prey on your schoolchildren’ argument is a false bogeyman, a scare tactic that is fed to us by the media, politicians, law enforcement, and computer security vendors. The number of reported incidents in the news of this occurring is zero.
  8. Federal laws do not require your draconian filtering. You can’t point the finger somewhere else. You have to own it yourself.
  9. Students and teachers rise to the level of the expectations that you have for them. If you expect the worst, that’s what you’ll get.
  10. Schools that ‘loosen up’ with students and teachers find that they have no more problems than they did before. And, often, they have fewer problems because folks aren’t trying to get around the restrictions.
  11. There’s a difference between a teachable moment and a punishable moment. Lean toward the former as much as possible.
  12. If your community is pressuring you to be more restrictive, that’s when it’s time to educate, not capitulate. Overzealous blocking and filtering has real and significant negative impacts on information access, student learning, pedagogy, ability to address required curricular standards, and educators’ willingness to integrate technology. It also makes it awfully tough to prepare students for a digital era.
  13. ‘Walled garden’ online environments prevent the occurrence of serendipitous learning connections with the outside world.
  14. If you’re prohibiting teachers from being ‘friends’ with students online, are you also prohibiting them from being ‘friends’ with students in neighborhoods, at church, in volunteer organizations, at the mall, and in other non-school settings?
  15. Schools with mindsets of enabling powerful student learning usually block much less than those that don’t. Their first reaction is ‘how can we make this work?’ rather than ‘we need to keep this out.’
  16. As the lead learner, it’s your responsibility to actively monitor what’s being filtered and blocked and to always reconsider that in light of learning and teaching needs.
  17. If you trust your teachers with the children, you should trust them with the Internet. Addendum: Mistrust of teachers drives away good educators.
  18. If you make it too hard to get permission to unblock something, you might as well not have the option in the first place.
  19. Unless you like losing lawsuits, remember that students and staff have speech and privacy rights, particularly off-campus. Remember that any dumb decision you make is Internet fodder and has a good chance of going viral online. Do you really want to be the next stupid administrator story on The Huffington Post?
  20. When you violate the Constitution and punish kids just because you don’t like what they legally said or did and think you can get away with it, you not only run the risk of incurring financial liability for your school system in the tens or hundreds of thousands of dollars but also abuse your position of trust and send messages to students about the corruption of power and disregard for the rule of law.
  21. Never make a policy you can’t enforce.
  22. Don’t abdicate your teaching responsibility. Students do not magically gain the ability at the end of the school day or after graduation to navigate complex, challenging, unfiltered digital information spaces. If you don’t teach them how to navigate the unfiltered Internet appropriately and safely while you have them, who’s going to?
  23. Acceptable use and other policies send messages to students, staff, and parents. Is the predominant message that you want to send really that ‘the technologies that are transforming everything around us should first and foremost be feared?’
  24. Imagine a scale with two balancing pans. On one side are all of the anxieties, fears, barriers, challenges, and perceived problems that your staff, parents, and community members put forth. If you want effective technology integration and implementation to occur in your school system, it is your job as the leader to tip the scale the other way. Addendum: It is difficult to understand the learning power of digital technologies – and easy to dismiss their pedagogical usefulness – if you are not familiar enough with them to understand their positive affordances.
  25. In a hyperconnected, technology-suffused, digital, global world, you do your children a disservice – and highlight your irrelevance – by blocking out our present and their future.
  26. Educating is always, always more powerful than blocking.

BONUS 1. Elsewhere in your state – perhaps even near you – are school districts that have figured this out. They operate under the same laws, regulations, rules, and procedures that you do. If they can be less restrictive, why can’t you?

A huge thanks to everyone who has influenced my thinking and my writing in this area, including folks like Doug JohnsonSylvia Martinezdanah boydWill Richardson, and Tina Barseghian. I’m sure that I’ve forgotten a few talking points that I’ll just add later. Which one is your favorite (or least favorite)? What would you add to or change on this list?

For other Leadership Day 2012 posts, see the complete list of submissions and/or#leadershipday12.

Early Adoption – do you plan?

It is wonderful to continue to hear about people eager to look at the latest technology and see what a difference it makes in schools … and as an avid early adopter I do have to urge a note of caution at times … even to myself.

It has been interesting to catch up with a few others who are trying out iOS 6 and also having some fun playing / learning about the Raspberry Pi … but the best thing I have seen recently has been around Windows 8, the next system from Microsoft. If you haven’t had a recent read of the Microsoft UK Schools Blog recently then I suggest you pop over to look through the last couple of posts.

With the release of Windows 8 all very imminent it is no surprise that this appears to be a hot topic but I’ll let you into a little secret … I am pretty sure that no-one is expected to have it all up and running for when schools start back in a few weeks. In spite of a lot of access to release previews, healthy discussions on technical sites, serious cogitation by hardware manufacturers … the main point for me has been about awareness raising about what the change to a new system might mean.

If we take the post about chances to learn about Windows 8 then we can see that there are plenty of chances to look at development on Windows 8 (good for those involved in Computing@School) as well as a chance to look at curriculum resources. There is a free eBook available about programming apps on Windows 8 and making your network ready for Windows 8, but the best blog post for me has been the report from IDC about why you should move on from Windows XP.

From an IT Management point of view it is always interesting to see someone stick down figures around how much effort goes into managing and maintaining IT systems. Any form of change, regardless of whether it is for IT or anything else, will also incur a cost. It could be in capital costs (in IT this could be licences, hardware, etc), training, expertise or simply staff time. Balancing out whether you continue with the status quo or invest in making a move is sometimes a difficult choice but the above report from IDC really does hammer out that if you are still using XP now then you need to plan what you are going to do in the near future. They are not saying that you should jump now, but it does give you ammunition to start planning.

In schools this is vital as, no matter how much IT Support plan, it has to go hand-in-hand with how the school will deliver the curriculum, how the school will make use of IT to run on a day to day basis and also how the children respond to the change.

A lot of people have been looking at tablets in education, primarily iPads, and this is another good reason to start looking at what you are doing with technology. The arrival of Windows 8 will allow for schools to consider using iOS, Android, Windows 8 or any combination of the above. Change is inevitable … and it is better to look at it and ride the wave than crash and burn when someone demands something that is not going to work!

And this is the point where the innovators and early adopters are hitting a brick wall. I can remember listening to Ewan McIntosh tweeting that project management stifles innovation … and I can agree with this, because it is hard to push the boundaries of what you can do with tech when you can’t get access to it.

And this is the point where the planners, budget holders and senior leaders raise their head and ask about making sure money invested is done so wisely, that people don’t buy a lot of white elephants (we could dedicate a website to the amount of tech which is bought but never really used) and that what is bought and used actually has an impact and isn’t just there because it is a toy, a plaything, something shiny or because everyone else is using them.

And so we have to get to a compromise.

Early adopters need to have access to tech and they need to try things out. Systems in schools need to allow for some of this to go on but also to hold people accountable for what they are doing.

The report from IDC say that schools need to look at change. It shows that cost of keeping to the status quo (which will rise) and it gives a chance for people to start having ideas about what they need to do in the future. From chatting with various sources working on Windows 8 in education it is clear that testing things with OEM tablet manufacturers will be a good thing to do, running pilots in collaboration with other schools to look at Windows 8 devices, iOS devices and Android devices, comparing the ideas against earlier research on Windows Tablet devices (remember that tablets in education is nothing new … perhaps just improved) and then deciding how to adapt what you do with technology.

With Windows 8 coming out soon and the raft of devices it will generate (including the Microsoft Surface), the ever changing flavours of Android and the upcoming release of iOS6 from Apple … there will be a lot to try and there will be a lot of cross-over between all the different option.

(image from http://www.flickr.com/photos/sdasmarchives/5018415361/)