Tag Archives: vle

Why Information Security Standards make sense to School Leaders

Having worked with Learning Possibilities as a client, a consultant and as a Project Manager, I still find myself relating almost all my activities to the following phrase, “What Would School Leaders Think?”

For most people in schools, awareness of Information Security standards is limited, and usually only heard about when talking about data protection or when they have been told that they can’t or shouldn’t do something, by their IT Manager, the Local Authority or a Governor.

In fact, most schools should be able to easily understand not just the importance of Information Security but how it is assessed at companies like Learning Possibilities, and that understanding is all down to thinking like OFSTED.

As with OFSTED visits to schools, companies certified to ISO27001 (the principal Information Security standard) will have regular audits and inspections from an external body.

As with OFSTED, Leadership is key. It is not about recording security incidents or how quickly they are dealt with, it is not about recording how well your backups run and it is not about recording the results of penetration testing. It is about looking at how Leadership set objectives, evaluate them and justify subsequent decisions.

Yes, there is record keeping. Yes, there are processes and procedures that have to be followed. Yes, there is regular training on Information Management, Information Security and Data Protection. Yes, there are issues and risks to be dealt with. However, these are there to provide evidence to Leadership and the quality of work is more important than ticking boxes on the 114 controls across 14 groups.

Internal audits are the book scrutiny sessions and staff observations. External audits are the OFSTED visits. The Information Security Management System contains your Statement of Applicability (let’s call it your SEF), your policies and procedures, your record of decisions, your Objectives and Measures (5 year plan?).

It goes on. There are so many similarities and helps show School Leaders that Learning Possibilities understands the impact of OFSTED, not just because of the educational impact, but because we have our own version to go through. We also know all too well about it being about key decisions, not just weighing the pig!

External audits are done each year, and you recertify after 3 years. Out of the 3 possible outcomes only the top outcome, which is effectively a 100% adherence to the standard, gets you the certificate.

What does this mean for our customers? Well, the standard is a way of showing both the importance of Information Security to us as a company across all our work, and also that we put in the time and effort on it, ensuring that it is part of our core ways of working.

So, after a 13 month programme of work we are more than pleased to say that we passed our External Audits for this year and have now been issued with our certificate, after coming through with flying colours, the equivalent of Outstanding.

I say a 13 month programme of work … we have already started on the work for the next 3 years, including the work on the international update of ISO 9001:2008 to ISO 9001:2015, the standard for Quality Management. Another opportunity for us to hold ourselves open to inspection against the highest possible standards.

SharePoint Saturday UK

It is lovely to be around folk who see the benefit of spending a bit of their own time being part of something larger, and SharePoint Saturday is a perfect example of this.

For those who have never been to this sort of user event before it generally consists of a combination of noted speakers for the beginning and end of the event, with a number of sessions from respected peers sharing their knowledge and ideas with delegates. And Saturday was no exception … This is a short summary and I will try to give a longer post when slide decks are available.

Starting of with a session from the excellent Todd Klindt talking about why IT Pros and Developers need to learn from one another, and swap skills … but the important thing was to try stepping out of your comfort zone. As an IT Pro he has a a fantastic podcast (which actually covers a good amount of his keynote) so I would heartily recommend you have a listen.

There were many streams I could have gone to, but I opted some more familiar things (in spite of what Todd suggested). As a Business User (my predominant role around SharePoint now) I am always interested in ways to encourage adoption. Kanwal Khipple gave a grounded session on how to drive up adoption of your SharePoint platform, ranging from ensuring project sponsors do more than just sign off the money through to using Sharepoint Heroes to be your evangelists on the ground.

Next was a visit to Alex Pearce‘s session about how to introduce Power Users to SharePoint. A whislte-stop tour around making the most of a SharePoint site around a particular function (in this case around managing invoices) it showed using creating lists, views, the importance of data in content types, using lists to fill in documents … and the best bit was making use of QuickParts in Word for filling in information into a document template.

After a short break I was in with Matt Hughes (the instigator of SP365.co.uk) where he talked about SharePoint branding and some of the tips and tricks around modifying your own master pages, what you should and shouldn’t touch (especially since some of the master pages will get replaced on patching / applying service packs … but those SysAdmins who have had to compile drivers themselves know of that problem anyway!) and where to find some good, free SharePoint Master Pages … including those from Kanwal Khipple from the earlier session.

After lunch (where there was a better chance to chat with some of the exhibitors / sponsors … many of which were a bit bemused about why a Business User / Power User would be interested in talking to them … especially one without a budget!) I opted to sit out the sessions for a chance to chat with a few of the other delegates … and some of the conversations where enlightening … whether they were around controlled assessment, the missing EduGeek site through to a good, long catch up with some friends.

A good portion of the afternoon was spent talking with Richard Willis of SalamaderSoft (aka @rpwillis), Sam Dolan (aka @pinkpetrol) and Alex Pearce (aka @alex_pearce) about developments in education, sharing war stories, etc …

Ok … it was a chance to just relax and chat, but you still pick up a heck of a lot in these conversations, from barriers to adoption or integration with other services, how to manage relationships with users and clients, changing trends or simply good, old-fashioned ways of making things work.

I did miss out on having a proper catch up with Dave Coleman (@davecoleman146) and Alan Richards (@arichards_saruk) and missed their sessions (which clashed as well …) but their blogs will have their slide decks shortly (if not up already) and they both regularly speak on webinars as well. For those in schools I would heartily recommend listening to Alan talk about the cost savings made through the strategic choices and use of technology. Those who have already read Dr Don Passey’s report on the Evaluation of the Implementation of the Learning Platform LP+ Across Wolverhampton will see many similar points. They’ll both be at BETT in January 2012 if people want to talk with them about many of the items in their blogs, or simply drop them a line if there is something you want to ask them.

Steve Fox’s session at the end looked at Windows Azure, integration with Sharepoint 2010 and some Windows Phone stuff … a fair bit around Business Intelligence really and showing how SharePoint Online is quite a powerful option … if you read some blogs about the session (or some of the tweets) you can see a number of folk questioning why people would use Google with this amount of options to hand.

Having started to come down with the lurgy, I decided to miss out on the SharePint and head home …

A fantastic day, well worth the early start and looking forward to watching some of the webinars which are coming up soon.

Well done to all involved with the organisation, the exhibitors / sponsors and to all those who presented.

The Perils and Pitfalls of being ‘The Block’ to learning & teaching

Once again I fall into the role of the fervent defender of the blighted IT Support teams in schools. As much as I enjoyed a good argument (oh no you don’t!) there are times when I feel that the word compromise is missing from the vocabulary of some people.

In a short break from the course I am on at the moment I picked up a tweet to a blog post from our friend Spannerman2.
It makes for good reading and raises an important points about IT and ICT & Computing as subjects, about the lack of subject specialism in teachers of these subjects and about the amount of effort which goes into running (& locking down) a school network.

It does, however, throw stones. I don’t think stone throwing is any good at the moment in education. It just generates a lot of people pointing their fingers and saying, “you are doing it wrong!” without any ideas or support for getting it right.
In conversations on EduGeek.net there have been ideas shared about how you can make things more manageable and flexible on a school network, about how you can give freedom to staff and students, about how to manage situations better and stop the ‘them & us’ perception which can be the stimulus to things getting out of hand when there is the slightest problem.

So here are a few ideas. First we will have the objectives … the school needs computers systems. It needs three types of systems really.

Let us cover the easy one first. We want a system that allows for the running of a school, the day-to-day stuff of administration, the ordering of toilet roll for the toilets, the paying of staff, keeping records on students … you know the sort I mean. It used to be that this network was kept as separate as possible from everything else. It had to be … it holds sensitive data, it needs to have careful controls over who can do what with it … both legally (DPA) and for audit reasons. However, more and more senior leaders have realised that this network holds some really valuable and vital information. Stuff that can make a difference in the way teachers operate in the classroom … and teachers also need to add to this information too. So that means it has to overlap with the other systems in the school. Problem number 1 arises, but we will come back to this one.

System number two is the one used by teaching staff to deliver what they do, day in, day out. Teaching. I don’t want to turn this into a ‘them & us’ post … I never do … and sometimes people have to remember that those most likely to read my blog from the teaching community are those most likely to understand and want to push what tech they have … in fact, the people who are the cream, those who have risen to the top … but try to remember that there are those who can do *some* of the things that you do and are learning fast … but there are also those who struggle … not just with tech, but with classroom management, with change in general … and I am thinking about *all* staff in schools. A single solution is not always the best thing … having one setup for all staff … only giving limited access to doing stuff … but the problem is that at the moment it takes time and investment to give a more flexible system for staff. There are little things which can be done, like giving rights to install software on their laptops, giving more relaxed filtering … perhaps not even ‘filtering’ as such, but just logging what is used on the internet (remember folks … audit trails!) But what happens when a laptop is brought back in to the IT team to be fixed because something they downloaded at home seems to have broken stuff (after they have turned off the anti-virus or stopped it from downloading updates or running scans) … and that is if you are lucky and they don’t just plug it into the network and infect other computers where teachers have also turned off the antivirus too … and so you have to fix their machine. You might need a spare laptop or two so that they still have a machine to use in the classroom (back to investment again) and then there is the time and staff to fix it. Problem 2 appears … planning for the inevitable workload that comes with either building systems to deal with having to fix problems like this or having to do it on a case by case basis.

And so we go on to system 3 … the most problematic because you are having to cover three conflicting needs. The student workstations / laptops. Here you have to think about what software is needed, who gets to choose that software, pay for it, develop resources for teaching using it or even for teaching the software itself (either the skills / concepts or the specific software … that argument is for another day) … and then let us think about that touchy area of classroom management. I don’t like people blaming technology when it is being used as substitute for classroom management … I’ve spoken about how filtering gets abused this way before and the same applies to locking down the desktop, turning off the ability to right-click, where things can be saved … it all boils down to how much disruption in the classroom the teachers can handle, the amount of effort which is needed to fix problems that arise and so on … So we get to Problem 3 … and this *is* aimed at the teachers who might read this blog. COMPROMISE. Oh, that was also aimed at the Techs too.

So what happens when we need these 3 systems to overlap … or even be the same system?

I would love to say that this is a perfect solution out there … but there isn’t. It will *have* to vary from school to school purely due to the nature of each school, the emphasis each school might choose to put on classroom control, on how much investment the school puts into different aspects of IT, what technology gets used, the strength of things like Web 2.0 tools, of VLEs, of email, of using data straight from the MIS … so many factors that *no-one* can give a single system that will suit everyone.

Instead … how about thinking a little more about how you are going to get to where you want to go. I can guarantee that the end system you want cannot be delivered overnight and be usable by everyone without considerable pain … so you are likely to have to do things in steps. These steps have to be done with compromise and I’m going to say my usual mantra … Change Management!

So … let us think about something that gets raised a lot at the moment. The introduction of student owned devices (yes … I know I have avoided mentioning the learners themselves … more below) can be considered in a few stages, some technical, some pedagogical. If you are going to introduce this sort of system then yes, you will have to segregate it from system 1 … the stuff you have to legally protect. A typical way of doing this would be by having a ‘dirty’ wireless network … a separate WLAN that is only used by students, *may* have some restrictions on it … but will give them access to the internet at the bare minimum (even if you choose not to filter then at least log it). You then have to consider how it will be used in the classroom. Will it be used in conjunction with a VLE? Online stuff such as Live@Edu or Google Apps? How will you ensure that the iPad is being used for work and not just to watch stuff on iPlayer? GameCentre? The netbook is not being used to just hog the school internet connection to pull down pirated video or software? Or the laptop used for chatting on IRC, tweeting about what they got up to last night or on facebook poking their mate in the class next door? The same way that it used to be notes on pieces of paper, or ‘interesting’ magazines shared by some of the boys (actually, both of those still happen too) now there is a new range of things to distract the learner …

One way of dealing with this is by using the student wireless network to force the student to log into the school terminal server system (various solutions are available to do this via a website) and so that they can use their own device in the school but with some element of control by the teacher / techie / school.

There is still another way … the idea of privilege, of use versus abuse. And this is where we talk to the learner. They can make some of the best and worst suggestions and decisions you can come across. It might be that they want the system to allow them to do nearly everything, but on the understanding that if it is abused that they get locked down. Hmm … that might even work in conjunction with other polices the school has? Wow … revolutionary concept?

It might be that the desktops are set to be rebuilt each night … so that if the students do mess things up then it is not a problem. It might be that you have systems that go back to a baseline after each log-off. you can do almost anything … but there has to be a reason to do it, it has to be a balance between what is possible, what is practical and what delivers some sort of benefit.

So … there we go … a start … I’ve already prodded a few of the detractors to techies locking things down or wanting to drop working systems to go to Open Source based purely on ethical principle rather than education need or practicality … if they want to change then I want to see a range of options and some sort of roadmap about how to adopt it, both technically and pedagogically. “Just because…” is not a suitable answer. I might want to put studded tyres on my little Smart car just because … you never know, we might get heavy snow tonight … it might become fashionable … it might mean I can drive over an ice rink to drop off James Bond to do a bit of bomb disposal and save the world … or it might tear up a recently resurfaced road … cost me a fortune to buy and get fitted the new tyres.

So … a start … let us see how it goes from here.

Sharepoint Articles

This week will see a few blog posts go up.

First will be one already writte, exploring a bit more about sharepoint and web 2.0, next will be talking about why we filter emails and what impact the management of it can have, then finally I will be asking around about how different people feel about the different between hosted and local solutions for sharepoint.

It should be a busy week of meetings as well (when is it not) but I hope to squeeze all three items in.

ETRU VLE Special

Sunday saw an EdTech RoundUp special on VLEs, looking at what is out there, how they are used, particular solutions and how they are adopted, and a bit more of a look at EdModo.

It was a good session and I have just listened to the podcast to review certain aspects of it.

One of the things that has surprised me somewhat is that it was only when we started talking about MIS and how they fitted in that the point of Parental Engagement was raised.

For me, if you are planning or using a platform and you want to ensure students are using it, particularly for independent learning, you have to get parents on board too.

It has made me wonder a bit more about how we view the importance of parents when getting students switched on to learning through technology.

I am going to put it forward as a future point on ETRU as well as on the Becta forums, EduGeek and as a question ok the ICT Register.

I would be interested to hear what people have already done to engage with parents.