Tag Archives: IT manager

Do we *REALLY* know how much is spent on IT?

A tweet was posted by @MSETCHELL yesterday (mattianuk on EduGeek) about being asked to work out the cost of the entire network.

This didn’t strike me as a strange request to be honest. It just seemed to be a standard pain-in-the-backside, paper-generating, unread-report-producing exercise … probably needed because of some arcane bid proposal which schools sometimes get involved in to try to squeeze money out of any available pot or group. It is worth saying the businesses do the same thing when applying for EU funds, regeneration funding, moving locations, etc … so it happens all over the place.

I replied that

I thought that would be fairly easy to generate? Have asset library with original costs, calculate depreciation, etc

But Matt said he had a full inventory but not purchase costs.

It struck me about this being another example of where silos exist in schools, this time between departments of support / admin staff rather than between curriculum departments.

It also made me wonder what do people record in their asset library? How do them maintain it? Who is the ultimate owner?

At Learning Possibilities, we work based on ISO27001 : 2013 (part of our standard of working for a variety of contracts, as well as best practice) and knowing your assets is vital, whether they are physical, intangible or information assets. Whilst the standard is over the top for most schools it does clearly align with standards such as the Framework for ICT Technical Support (A school friendly Service Management IT Management regime based on ITIL v2 and v3, with elements of other good practices from areas such as PRINCE2 and LEAN).

An asset library should not just be about the make, model, serial number and location of a physical piece of kit; it should include other relevant information too. When you install a network in a school you spend a certain amount on cabling … this is also an asset that is often missed. Is the cabling infrastructure in your school suitable for the next 5 years? Are you expected to go Gig to the desktop? PoE?

I’ll be posting a thread on EduGeek to discuss this in more detail about what could and should be recorded but I thought I would set out the basic principles here.

  1. All assets have an initial value (on purchase), a replacement value (how it would cost to replace it based on whether you do like for like replacement or old for new) and a depreciated value (how much they are worth now with their value going down due to an agreed method … and there are a variety of methods).
  2. All assets have a set period of useful life. This might be set out when you purchase the device and be based on a variety of factors. Usually these will be the warranty and support periods for the product, how frequently it receives updates, an estimate on how long you think the functionality will fit your needs and so on.
  3. All assets should be associated with a purchase order, when a direct purchase was made.
  4. All assets should have an ‘owner’. This is the person who is responsible for them to the institute and not necessarily the person who manages them on a day to day basis. An example would be the MIS hold information about timetabling, personnel, students, etc but the SIRO is ultimately responsible. In the same way the iMacs being used in Music are ‘owned’ by the Network Manager, not the Head of Music.
  5. Assets have to be written off at some point in their life. This can only be done by an authorised member of staff.

There are probably more I could add, but this is a starting point for most people.

Some of the above information might be able to be held in the software you use for asset management. Some might already be held in other systems, such as the finance systems.

It will be up to each school whether there is any replication / duplication of the information held … and who updates the relevant asset libraries too.

From the above this should be enough so that the Head and BM can easily see what the value of the network is (in financial terms) and what the total direction is over a period of time, see what is about to be at end of supported life and what they need to replace like for like (in general terms).

Not only does this allow for SLT to plan, it helps them decide on whether maintaining a status quo with regards to IT is affordable or whether changes need to be considered on financial grounds. Changes on curriculum, or leadership grounds are a separate discussion, and that has a slightly different set of criteria and measurement.

There are plenty of ways you can check whether others you work with, as partners or suppliers, are following similar models … a basic tool for IT management. For us it is our work on ISO27001: 2013, but for others it could be ITIL v3 certification of staff, FITS certification,  ISO/EIC 20000 certification. At Learning Possibilities we ask it of some of our partners and are happily reassured.

Have a chat with your own school to see who manages what areas of assets, how the Facilities Management team monitor and write things off, how the Business Manager controls what is put down as needing covering for insurance? See what standards they look at when working with others?

 

Naace ICT Impact Awards

naace-logo

It felt very strange on Thursday whilst down at BETT … I was nervous, excited, pensive and lots of other things which generally mean I was not too sure how to feel.

I had been put forward for an award and was waiting to hear about being shortlisted.

Naace has no doubt about the impact that ICT can have on learning and teaching when used well by skilled and creative professionals. ICT makes a real difference to learner’s achievement and engagement; it offers access to resources that would otherwise be beyond the reach of any school or college, it allows communication and collaboration beyond the physical and temporal limits of the classroom; it allows learners to think more clearly and see the world from another perspective. Naace has a long standing history of supporting those working in education to use ICT to achieve the greatest possible impact, and now seeks to provide some formal recognition of outstanding work in this area. (taken from [url=http://www.naace.co.uk/events/conference2013/naaceimpactawards2013]Naace: Naace Impact Awards 2013[/url])

I was put forward for the following award

Technical Support Service Impact – Sponsored by Meru NetworksExcellent customer service and technical competence are assumed by this award, but to win it, it will be essential to demonstrate the key differences that the service has made to the learning opportunities and outcomes of young people.

And have been shortlisted against the following.

  • Tony Sheppard, Edugeek For tirelessly supporting colleagues around the country, providing guidance on suitable technology and facilitating the sharing of information and expertise
  • Joskos Solutions Limited For providing a consistently reliable ICT support service, with the flexibility to incorporate special projects and events, and enabling teachers to use ICT in their lessons with complete confidence
  • Phil Jones, Pool Academy For his enthusiasm and commitment to making ICT as accessible and enjoyable as possible, removing barriers to learning
  • Simon Sloan, Bedford Drive Primary School For his hands-on approach to supporting staff and students with their use of ICT in the curriculum and for introducing a range of opportunities to further the students’ experiences of ICT
  • Sahib Chana, Platinum IT For leading a range of technical changes and providing bespoke solutions across the curriculum that have accelerated and broadened the Academy’s use of ICT

I am amazed that a) I was initially nominated by someone who I respect for the amount of work he has done to enthuse his school, his fellow teachers, the education community and folk in general … and b) that folk are seeing the benefits you get from keeping technical folk involved, the impact that we can have on learning and also that we are thoroughly nice and helpful. As far as I am concerned, this shortlisting could have gone to numerous members of EduGeek (and it deserves too) and I am pretty sure that most of the above are members / lurkers anyway.

Good luck to all involved (and in the other categories as well) and I look forward to seeing as many of you as possible at the NAACE conference.

The Importance of School Domains

With the every changing world of technology and education we all understand that nothing stands still. With more and more schools becoming Academies, buying a variety of services from a plethora of providers and having direct control of the funds to buy these, schools are generally more discerning about their presence on the World Wide Web.

This change of stance can result in websites which engage with parents and learners, improved communication systems and better marketing with the local community.

One of the frequent changes you see is around the choice of domain name a school will use. Traditionally, schools would use a domain based on their name, the geographical Local Authority they are in (but not always part of) and a tail of .sch.uk to identify them as a UK School, eg blogs-pri.dookland.sch.uk.  This domain is allocated to them by Nominet, is linked to the DfE number of the school and belongs to the school.

Sometimes you will hear that the domain belongs to the Council / LA and this is not altogether true. The domain belongs to the school, but might be controlled by the LA as part of delivery of services (eg over an RBC) or has previously been managed by the LA on behalf of the school, via the LA tech support team. Schools can ask for the domain to be transferred to a Registrar of their choice and can have someone manage the associated DNS.

Some schools chose not to use their .sch.uk domain. This could be because of the above myth meant they registered a new domain when leaving an LA service, they might not like the long URL or email addresses it can give, it can be down to a marketing / PR choice or it might simply be personal preference of a member of Senior Leadership / technical staff.

There are a few important things to remember about your choice of domain though. Firstly, the ends of domains, that is to say the generic Top Level Domains (gTLD) such as .com, .net, or country specific / country-code TLDs (ccTLD) such as .co.uk and .org.uk, have a specific purpose and identify the type of business or organisation you are. These domains are register for a period of time and have to be re-registered on a regular basis. They are open to dispute by other groups of the same name and you can even find conflicting domains ([schoolname].com and [schoolname].org) being used by different schools, or even by commercial or charitable organisations with a better claim to the domain than the school.

Some companies and organisations will try to capture all related domains so that this problem is dealt with, but schools often forget that they have the .sch.uk domain which they have left fallen by the wayside.

Your .sch.uk does not lapse, it is free, it can only be controlled by your school, it cannot be grabbed by a former student with an axe to grind and it doesn’t have to be your principle domain.

At the moment I recommend schools, which are choosing a different domain as their principle domain, to keep hold of their .sch.uk domain. If you are swapping email services then this extra domain can usually sit in the background so emails to the old addresses still reach their original recipients. Websites can have a CNAME record to redirect your .sch.uk domain to your preferred domain.

Generally, there is no excuse for not keeping the old domain other than wanting to have a ‘clean break’, or you make use of services which do not allow for other options. If this is the case then you need to consider the impact of lost emails, irregular communications which might get missed, etc.

A few hours of work now can save you days of trouble later on. Go on, be proud to let people know you are still a school … that is what .sch.uk is there for after all.

Internet Safety Talking Point 1

In my last blog post I republished Scott McLeod’s 26 Internet Safety Talking Points.

Over the next few weeks I am looking at each point to tease apart the ideals behind them, to try to see both sides of the discussion and to share examples about who others have work on the issues. A lot of this will be from a UK-centric position but hopefully it will provide some insight into the similarities and differences with our friends in other countries.

Today’s point is about responsibility and accountability.

Even though they may use fancy terms and know more than you do about their domain, you never would allow your business manager or special education coordinator to operate without oversight. So stop doing so with your technology coordinator.

This raises an important point. With great power comes great responsibility, and there is a group in schools who have a lot of power. Whatever you might think of your Network Manager or Technician, of your LA Support Manager or even the Academy Technical Director (I will generically use the term NM to cover these and similar positions), how they have gained power / ownership / responsibility / control will be so varied it would take several posts to pinpoint which applies to your case. We would also end up talking about stereotypes and pigeon-holing people.

In reality it is rarely for it to be one reason as to why a single person might be making major decisions which affect a wide range of people, and it would be wrong to always assume malice, arrogance, superiority complexes on their part. It would also be wrong to assume the ignorance of senior managers in schools, apathy of staff, poor funding and poor communication. However, I am sure all of the above would sound familiar to many.

Instead, let us look at the idea of responsibility and accountability.

Yes, the NM is likely to be the expert in the field as to what technology can work, how it can work, how to support it and so on, but the requirements which set out what technology is needed should not be set out by a single person, but by a group of stakeholders working out what is best for the school (or schools if part of a larger group). This involves planning, communication, compromises, compliance (with laws, local and school policies, etc) and it will require targets / outcomes. This is where the oversight and accountability comes in … and it doesn’t just apply to the NM. It is needed … and should be in place.

And this is where we hit a number of problems.

Firstly you might be in a school where there is no communication, planning, team-working, etc and so someone has to effectively be a visionary, trying to guess what is needed or to lead on the choice of technology, almost in a single-minded way as nothing would happen without this. This can effectively place all the power and control with a single person with no oversight. This is not specifically their fault, and Scott’s point, in my eyes, appear to be a shout out to Senior Leaders in schools to wake up, stop relying on a single person and to make it more of a team effort … not a call to snatch back power from someone else.

Within the UK there is a standard for IT Support (based on industry standards) called FITS. This clearly sets out how the NM, Senior Leaders and other stakeholders can establish the targets, hold people accountable for delivering on projects / work and set out the standards by which systems will work, how changes will be decided and managed, how choices of technology can be made and how this can be measured against the desired impact.

To Block or Not to Block, that isn’t the question!

With kind permission I am reposting Scott McLeod‘s ‘Dangerously Irrelevant’ Blog Post about 26 Internet Safety Talking Points.

I hope to then follow this up by looking at each point (one a day perhaps) to strip it down and look at both sides of the point.

—————–

For Leadership Day 2012, I thought I would gather in one place many of the talking points that I use with principals and superintendents about Internet safety…

 

  1. Even though they may use fancy terms and know more than you do about their domain, you never would allow your business manager or special education coordinator to operate without oversight. So stop doing so with your technology coordinator.
  2. The technology function of your school organization exists to serve the educational function, not the other way around. Corollary: your technology coordinator works for you, not vice versa.
  3. Mobile phones, Facebook, Wikipedia, YouTube, blogs, Wikispaces, Google, and whatever other technologies you’re blocking are not inherently evil. Stop demonizing them and focus on people’s behavior, not the tools, particularly when it comes to making policy.
  4. You don’t need special policies for specific tools. Just check that the policies you have are inclusive of electronic communication channels and then enforce the policies you already have on bullying, cheating, sexual harassment, inappropriate communication, illicit behavior, etc.
  5. Why are you penalizing the 95% for the 5%? You don’t do this in other areas of discipline at school. Even though you know some students will use their voices or bodies inappropriately in school, you don’t ban everyone from speaking or moving. You know some students may show up drunk to the prom, yet you don’t cancel the prom because of a few rule breakers. Instead, you assume that most students will act appropriately most of the time and then you enforce reasonable expectations and policies for the occasional few that don’t. To use a historical analogy, it’s the difference between DUI-style policies and flat-out Prohibition (which, if you recall, failed miserably). Just as you don’t put entire schools on lockdown every time there’s a fight in the cafeteria, you need to stop penalizing entire student bodies because of statistically-infrequent, worst-case scenarios.
  6. You never can promise 100% safety. For instance, you never would promise a parent that her child would never, ever be in a fight at school. So quit trying to guarantee 100% safety when it comes to technology. Provide reasonable supervision, implement reasonable procedures and policies, and move on.
  7. The ‘online predators will prey on your schoolchildren’ argument is a false bogeyman, a scare tactic that is fed to us by the media, politicians, law enforcement, and computer security vendors. The number of reported incidents in the news of this occurring is zero.
  8. Federal laws do not require your draconian filtering. You can’t point the finger somewhere else. You have to own it yourself.
  9. Students and teachers rise to the level of the expectations that you have for them. If you expect the worst, that’s what you’ll get.
  10. Schools that ‘loosen up’ with students and teachers find that they have no more problems than they did before. And, often, they have fewer problems because folks aren’t trying to get around the restrictions.
  11. There’s a difference between a teachable moment and a punishable moment. Lean toward the former as much as possible.
  12. If your community is pressuring you to be more restrictive, that’s when it’s time to educate, not capitulate. Overzealous blocking and filtering has real and significant negative impacts on information access, student learning, pedagogy, ability to address required curricular standards, and educators’ willingness to integrate technology. It also makes it awfully tough to prepare students for a digital era.
  13. ‘Walled garden’ online environments prevent the occurrence of serendipitous learning connections with the outside world.
  14. If you’re prohibiting teachers from being ‘friends’ with students online, are you also prohibiting them from being ‘friends’ with students in neighborhoods, at church, in volunteer organizations, at the mall, and in other non-school settings?
  15. Schools with mindsets of enabling powerful student learning usually block much less than those that don’t. Their first reaction is ‘how can we make this work?’ rather than ‘we need to keep this out.’
  16. As the lead learner, it’s your responsibility to actively monitor what’s being filtered and blocked and to always reconsider that in light of learning and teaching needs.
  17. If you trust your teachers with the children, you should trust them with the Internet. Addendum: Mistrust of teachers drives away good educators.
  18. If you make it too hard to get permission to unblock something, you might as well not have the option in the first place.
  19. Unless you like losing lawsuits, remember that students and staff have speech and privacy rights, particularly off-campus. Remember that any dumb decision you make is Internet fodder and has a good chance of going viral online. Do you really want to be the next stupid administrator story on The Huffington Post?
  20. When you violate the Constitution and punish kids just because you don’t like what they legally said or did and think you can get away with it, you not only run the risk of incurring financial liability for your school system in the tens or hundreds of thousands of dollars but also abuse your position of trust and send messages to students about the corruption of power and disregard for the rule of law.
  21. Never make a policy you can’t enforce.
  22. Don’t abdicate your teaching responsibility. Students do not magically gain the ability at the end of the school day or after graduation to navigate complex, challenging, unfiltered digital information spaces. If you don’t teach them how to navigate the unfiltered Internet appropriately and safely while you have them, who’s going to?
  23. Acceptable use and other policies send messages to students, staff, and parents. Is the predominant message that you want to send really that ‘the technologies that are transforming everything around us should first and foremost be feared?’
  24. Imagine a scale with two balancing pans. On one side are all of the anxieties, fears, barriers, challenges, and perceived problems that your staff, parents, and community members put forth. If you want effective technology integration and implementation to occur in your school system, it is your job as the leader to tip the scale the other way. Addendum: It is difficult to understand the learning power of digital technologies – and easy to dismiss their pedagogical usefulness – if you are not familiar enough with them to understand their positive affordances.
  25. In a hyperconnected, technology-suffused, digital, global world, you do your children a disservice – and highlight your irrelevance – by blocking out our present and their future.
  26. Educating is always, always more powerful than blocking.

BONUS 1. Elsewhere in your state – perhaps even near you – are school districts that have figured this out. They operate under the same laws, regulations, rules, and procedures that you do. If they can be less restrictive, why can’t you?

A huge thanks to everyone who has influenced my thinking and my writing in this area, including folks like Doug JohnsonSylvia Martinezdanah boydWill Richardson, and Tina Barseghian. I’m sure that I’ve forgotten a few talking points that I’ll just add later. Which one is your favorite (or least favorite)? What would you add to or change on this list?

For other Leadership Day 2012 posts, see the complete list of submissions and/or#leadershipday12.

Is Change Really That Hard?

I’m going to let you all into a little secret. Technologies changes.

Phew … thank goodness I was able to get that one off my chest. It has been eating me up ever since I got involved in technology in education all those years ago!

Ok, tongue firmly in cheek but you would be surprised the looks I get when I say that. People will start with tales of woe and regret from where they have seen schools to scared to change, failing to plan to change, or constantly changing for no discernible reason.

Talking with many IT Support colleagues I tend to hear anecdotes where a school has failed to plan for change and set suitable targets for measuring the impact of the change. We all know that some change is inevitable and outside of our control, such as the demise of support for an operating system or the end of a period of warranty.

Recent changes from both Apple and Microsoft seem to be strongly discussed right now, whether when I visit schools, on twitter, blogs or EduGeek.net. Yet there is a lot of information out there to support schools with the changes which are coming in or are already available.

For Microsoft, the big change hitting schools right now is the advent of Office365. As well as the benefits you can get from the existing Live@Edu service there are other features including LyncOnline and SharepointOnline. The questions I tend to see at the moment are technical and operational so I usually point people to the UK Education Cloud blog or to people like James Marshall (@Jamesbmarshall on twitter and EduGeek.net), but I really wanted to highlight a set of training videos for those dealing with the technical setup more than anything else. If you haven’t been following the UK Education Cloud blog then have a look at this post.

Where Can I Get Office 365 For Education Deployment Training?

And then we get those facing the prospect of putting in more to their Apple ecosystem. The growth of iPads / iPods in schools has been a drive for this and rather than get involved in the argument about whether this is a good thing or bad thing, I want to be pragmatic with helping people realise that if the kit is being purchased then you have to get on a deal with it.

I tend to recommend that schools work with an Apple Solutions Expert as this can give access to best practice, links in with Apple Distinguished Educators to ensure that education is central to the project and also to think about getting the right level of expertise with the school support staff or from contractors you bring in. As part of this I want to point people to the range of seminars that Apple now run online..

https://edseminars.apple.com/seminars/ are a little US centric but can be invaluable for when working with partners to deploy Apple solutions.

There are plenty of good CPD events out there available for people looking to change how the technology is deployed or used within their school, both on a technical and educational level. These will range from weekly Google Hangout sessions with the likes of Leon Cych, the educational chats on twitter, course run via VITAL.AC.UK or simply spending time reading threads on EduGeek.net.

If change is going to happen … no … scrap that … *when* change is going to happen then you should be ready, have a plan and see how much it makes a difference.

Apple Leadership Summit – The Workshops pt 3

We have now covered the most simplistic methods which many schools are using to manage iOS devices, and frequently these are shared devices we are talking about, not individual devices owned by the user. The issues that this can bring is that as you grow with the number of devices you have or reduce the amount of time you have available to cover support of the devices you have to look at more efficient and practicable solutions.

The next area covered in the workshop was the concept of profiles. Those who have looked into Group Policy Objects (GPOs) in the world of Windows or the use of WorkGroup Manager (WGM) on Mac OS X can see easy parallels and might look to apply the exact same concepts used to lock down machines. Apple were keen to stress that it is not about locking down but more a case of ensuring that certain settings were enabled and that you knew where the responsibility lay for control / changes of the settings.

In a similar way to the nuts and bolts of GPOs just being a method of forcing changes to the registry on a  Windows client, and WGM forcing changes of .plist files on a Mac OS X Client, the iPhone Configuration Utility (IPCU) creates a text file which, when loaded onto an iOS device, changes settings.

It covers a number of areas including security, Wi-Fi, VPN, email, calendar, address book and some application restrictions. We covered some of these setting in the previous post when we looked at on-device settings, but a profile can also be used to set up part of the information required and allowing the user to complete the rest. An example would be to put in all the details for the Exchange Server but leaving some fields blank so the user enters the information relevant to themselves. A more details guide on this can be found on the help section of the Apple website

Another important security area is around passcodes where you can set the complexity including whether you allow simple passcodes (ie repeating / ascending / descending sequences), whether you require alphanumeric values (must contain at least one letter), minimum length, age, auto-lock time period, history and, possibly the most important if considering the device would be used by a member of staff, how many failed attempts before the device is wiped (I’ll talk a bit more at a later date about encryption on iOS devices).

We also have to consider whether the profile can be removed by the user. The options include Always, With Authorization and Never … remembering that if you wipe the device (there are a variety of methods) it will take it back to requiring activation and you start again anyway with a clean slate. Also remember that, in the most basic setup, the profile is something a user (or the person setting it up) has to accept to install. When we look at Profile Manager later on we can consider some of the ethos behind putting particular settings into the profile so that the user has to agree to various settings as a method of gaining access to certain areas (eg email) and a common method of control for this is the granting of access to the secure, wireless network.

Profiles can be loaded via USB, can be emailed out to users to install, can be pulled down from websites or pushed out wirelessly via MDM solutions. One important thing to remember when exporting profiles from IPCU is security. These are text files and if you do a simple export can be read and changed via a plain text editor. You can sign the profile so any changes will noticed by the device if you try to install it but this basically changes it to read only mode. What should be considered as the only option is sign and encrypt the file. Just think … this profile could have all the settings needed by a user to join your hidden wireless network, usernames and passwords for mail servers (if using a profile per person or allocating a specific email account per device) and so on … do you really want that in plain text?

It is simple to sort though by just ensuring you export it signed and encrypted.

The next post will look at some of the uses of the new tool on the block, Apple Configurator, and what we were shown about what looks to be the first stage of a good methodology for managing and deploying devices in bulk.

Tech Support – By Schools, For Schools

I know some of you might already recognise the phrase including in the title, as it is a central tenet of the ICT Register, but the same ethos is wide spread within the education community. It doesn’t matter whether you are talking about school staff getting together at TeachMeets, having in-depth discussions via twitter though things like #ukedchat, online communities such as EduGeek.net or more local groups such as NorthantsBLT the growing role of schools taking ownership of their advice and guidance and how they share it with others is a very important part of how schools need to react to recent changes which have come out of DfE.

Many of the above are free … well, when I say free I really mean that they are paid for by people and schools using their own time for the benefit of others because they get the same sort of response back, or it is a bit of educational philanthropy on the part of others. This is brilliant in many ways, but can make it difficult to plan for sustainability. Also, there is nothing wrong with paying for advice, guidance, ideas, expertise, etc. There is often a saying used, “you get what you pay for!” and this is very true. People forget that the payment is not always cold, hard cash, but time and your own expertise … and when time, expertise, capacity and ideas are running short then people face the reality that paying for something is almost inevitable.

And this is one of the areas where I think some schools do it wrong. It shouldn’t be that paying for something in cash is the last option, it should be considered an option from the very beginning when you are planning what you need, what your goals are, how your school will develop / deliver things like CPD, technical support, parental engagement, etc.

Technical Support is a perfect example of where failing to plan can result in staff in the school, both techie and teacher, having to scrabble around to find information and guidance. I have been preparing a number of reports around the use of Framework for ICT Technical Support (FITS) within Northamptonshire schools and conversations with schools who have staff trained and accredited against FITS has shown what a difference planning makes. Except that it doesn’t just stop at the school gates. A number of schools are actively involved in supporting other schools. This will range from Lodge Park Technology College being actively engaged with the ICT Register and Microsoft’s Partners In Learning, Sir Christopher Hatton School providing support on Microsoft training courses and technical support to local schools, Wrenn School providing technical support to local schools and staff being active in online communities such as EduGeek.net, and both The Duston School and Southfield School for Girls providing staff time and expertise to chair local working groups such as the Schools Broadband Working Group and NetworkNorthants (the local IT Community for technical staff in schools and school support providers). Some of this is for free (i.e. no charge to others) but some of it does have a cost and is well worth it.

Having another school cover your tech support or provide advice around it has some major benefits. This can range from educational understanding and expertise, through to experience of deploying some education specific technologies. Couple this with easy access for teachers to talk with teachers, SLT to talk with SLT, you can having a winning combination.

So I was please to see, over the weekend, a tweet from a friend on the south coast. Tim Dalton is the IT Consultant at The Wildern School, the school which runs its own TV Studio (BBC Schools Report), has previously run YouTube style services for other schools, has developed advice and guidance on using media technologies in schools … and much more. Tim put a tweet out letting his PLN know that they are doing it again, taking their expertise and bundling it up for others. This time it is is punnet; a support, development and advisory service for other schools. Whether it is hands-on, regular tech support, development of software and applications for schools or advice and guidance around classroom use of technology and school strategy, Wildern hopes to be able to cater for your needs.

Yet another example of By Schools, For Schools …

Do you have more examples? Are you involved in similar to the folk at punnet or the other schools mentioned? Have you spoken with other schools to share ideas, expertise, tools and goals? Go on … now is your chance.

How do you plan?

Lifecycle Management

Developing a process

Whether you are using ITIL, FITS or other ideology / tools to help you develop a support service, you will find that you will borrow, adapt, use, tweak, refine and make wholesale use of a plethora of pre-existing examples of procedures. It is a simple fact of life that sharing and comparing procedures is more efficient than re-inventing the wheel in isolation.

However, you will find that there will be occasions when you have to create a process specific to your school and your school’s services. You may be the first school you know to move to a specific technology or to use it for a particular purpose, within the curriculum or for services involved in running the school. It is at this point you can fall back on two areas of support for such tasks.

You might have developed a house style for your processes with set communication routes, set timescales, a pre-defined hierarchy of decision-making and clear mechanisms for measuring success. Or it might be that you truly are starting from scratch.

Either way there are a number of ways that spending some time looking at Lifecycle Management could be beneficial to helping developing processes. Those with FITS or ITIL experience, especially ITIL v3, will tend to look at the whole service first to see where the process sits and then work on it, but the principles are basically the same.

In ITIL the service lifecycle is made up of 5 sections

  1. Service Strategy
  2. Service Design
  3. Service Transition
  4. Service operation
  5. Continuing Service Improvement

And these we can change into some simple questions.

  1. What do we want?
  2. How is it going to work?
  3. How do we get it to work?
  4. How do we keep it running?
  5. How can all this be improved and how can we use it to improve other things in the future?

And those with ITIL or PRINCE2 experience are now screaming that this is over-simplifying the process … and they are right, but we have to start somewhere. It is hard to talk purely on theory and go on about simplifying ITIL or FITS, so we will have to look at a real world example which we have to fit processes around. Let’s go for a big one that will affect every school, no matter whether a school runs additional management software from companies such as RM, whether you run thin clients, schools who manage computer deployments from central systems, all the way to small schools with a handful of computers … yes, we are talking about INSTALLING NEW SOFTWARE.

Over the coming weeks I will be looking at the questions above and applying them to the task of installing new software, looking at the wide range of options, looking at how different schools and schools systems might come up with different answers, looking at what the impact is on those having to come up with solutions, giving real examples of how schools have overcome obstacles to developing these processes and looking at the various roles within schools who will have to be involved.

As always, I am always interested in talking with schools who have gone through some of this and if anyone would like to be involved then please let me know.

Red Tape or Legal Backing

I know I’ve been a bit quiet recently. This is mainly down to workload (lots of meetings), a lot if DIY (converting part of the house/garage into a home office) and bouts of Man-Flu. However, I have been inspired a bit with a new group I have been involved in over on LinkedIn.

There is a new group, for those looking at the legal position on eSafety when it comes to areas such as monitoring, logging and accessing what children are doing with computers in schools. The group was formed by a Brian Bandey, Doctor of Law specialising in international IP, IT, Cloud, Internet and eSafety Law, and he started the ball rolling with the following breakdown. It is a part of a longer report which I think will make interesting reading.

The Legality of a School Technologically ‘reading’ a Pupil’s web activity

or

“Interception of Pupil Web-Browsing”

Introduction

The question being posed is, in a sense: “What are the law-based issues over Pupil Internet-Browsing Activities being captured by desktop monitoring services.” There’s a reasonably complex network of different Laws from different spheres active over this area and they don’t apply in equal measure to pupils vs. staff. However – although the action of the Law can be summarised, it needs to be understood that a considerable amount of detail is being lost.

Interception and Monitoring

The two main pieces of legislation in the UK with regard to interception of communications (which includes monitoring)are: The Regulation of Investigatory Powers Act 2000 (‘RIPA’) and The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (‘the Lawful Business Regulations’).

In essence RIPA provides that:

–           to intentionally and without lawful authority;

–           intercept a communication on a private system in the course of its transmission;

–        unless it is done or authorised by someone with the right of control e.g. the headmaster or his IT manager acting on his authority;

–           …. is a criminal offence.

Interception is defined widely in RIPA and includes making some or all of the contents of the communication available, to someone other than the sender or intended recipient. It is thought that transmission may also cover access to both read and unread messages e.g. on a academy/school central server.

How does the School have a Legal Right to Intercept?

An obvious route for the School is to secure good evidence of Parental Consent in the case of Pupils and Employees consent in the case of Staff. For ‘belt and braces’ – one needs to ensure that authority is given by the person (internally) who has “the right to control”.

So the Law is that Lawful authority is required to intercept:

–        If there is no lawful authority then consent of the sender and receiver of the communication is needed;

–        RIPA allows some limited interception by the controller of the system without the consent of the sender or the recipient;

–           RIPA sets out the conditions under which third parties such as the police may intercept.

–        The Lawful Business Regulations are the main source of lawful authority for the controller of the system to intercept and monitor. They permit the monitoring or keeping a record of communications for purposes such as standards, national security, prevention and detection of crime, investigating unauthorized use, and ensuring effective system operation.

–        The interception must also be relevant to the business of the system controller. (NB: This is the clinching argument for Educational Establishments – since there can be no argument that Interception and Monitoring of Pupils Web-Browsing is entirely relevant to the School’s activities)

–           Every effort must have been made to tell users that interception may take place.

–        Communication which has been intercepted and contains personal data is subject to the Data Protection Act 1998. (I’ll return to this subject)

Thus, it begins to become obvious that the Interception and Monitoring by Schools of Pupils (and Staff) Web-Browsing (and E-Mails for that matter) is perfectly lawful if carried out sensibly with reference to RIPA and the Lawful Business Regulations.

The Obligation to Monitor and Intercept

This is a serious and complex subject but I must touch on the School’s obligations to actively monitor Pupil-Pupil E-Communication (I talk of E-Communication since Pupils often shuttle communications through FaceBook or BeBo which aren’t e-mails per se).

The School must simply not ignore its Common Law Obligations (the Law of Negligence) and its Statutory Obligations (the Health and Safety Acts and the Education Act 2002) to keep Pupils Safe.

Educational Institutions have a duty to ensure the safety of their students and to protect them from any reasonably foreseeable harm. Liability arises for psychiatric conditions caused by repeated exposure to obscene or offensive material when using the institution’s IT facilities.

It is also now well-established that psychiatric conditions arise for the victims of Cyberbullying.

Finally, It is also now well-established that such psychiatric conditions which arise for the victims of Cyberbullying can lead to suicide.

Data Protection Law

This is a simple issue. Schools collect a very great deal of “Personal Data “ (a term defined under the Data Protection Act) on their Pupils. E-Mails can be Personal Data and the School simply needs to treat this data like any other – that is in accordance with the Data Protection Principles.

Human Rights and Privacy Law

The Law has always recognised that Students when at School or some other Educational Establishment have only limited rights to Privacy.

Consider:-

A Teacher sees John whispering to Jane in the Class. She moves forward (unnoticed) to overhear the conversation and overhears John’s whispered (bullying) threats.

Are we really saying here that John had his Right to Privacy under the UN Convention on the Rights of the Child (to which the UK is a signatory) and the Human Rights Act 1998
(Article 8 of the Human Rights Act 1998 is the Right to Respect for Privacy and Family Life) contravened?

The answer is a resounding “NO”. So it is with any pupil communication

It should be noted that in the famous case of Copland v. United Kingdom the Court considered that the collection and storage of personal information relating to the applicant through her use of the telephone, e-mail and internet interfered with her right to respect for her private life and correspondence. While the Court accepted that it might sometimes have been legitimate for an employer to monitor and control an employee’s use of telephone and internet – the need for informed consent was paramount.

But, as a matter of Law, Children cannot give informed consent.

So we return to the overarching need for the School seeking appropriate consents from parents.

Dr Brian Badey

www.drbandey.com

It really does cover so much, but it needs a bit more teasing out for me. When thinking about the barriers to adoption and acceptance of AUPs in schools it would be helpful to identify the areas which are covered under legal grounds for children, for introducing children into what they are likely to find or have to deal with as adults and which sections are there as moral/ethical agreements between the school, the children and the parents.

I’ll try and keep things up to date on here as interesting comments are made by various people. It is also worth pointing out the use of words such as Negligence, Law, Consent as these are specific to how these words are used within law (hence why they are capitalised), yet there are many times other with reference these words with using them solely with respect to the legal meaning, but as part of context from other Acts of Law, reports, government advisories, notices of Statutory Requirements and so on.

The group is gaining a broad range of members, but it could do with a few more specialists … perhaps an expert in Child Law, those involved in safeguarding investigations and those involved with unions (to work out the impact on staff, who are being monitored by the same systems).

(Edit – I’ve updated the post with the full statement from Brian).