Categories
eSafety Security Uncategorized

Why Information Security Standards make sense to School Leaders

Having worked with Learning Possibilities as a client, a consultant and as a Project Manager, I still find myself relating almost all my activities to the following phrase, “What Would School Leaders Think?”

For most people in schools, awareness of Information Security standards is limited, and usually only heard about when talking about data protection or when they have been told that they can’t or shouldn’t do something, by their IT Manager, the Local Authority or a Governor.

In fact, most schools should be able to easily understand not just the importance of Information Security but how it is assessed at companies like Learning Possibilities, and that understanding is all down to thinking like OFSTED.

As with OFSTED visits to schools, companies certified to ISO27001 (the principal Information Security standard) will have regular audits and inspections from an external body.

As with OFSTED, Leadership is key. It is not about recording security incidents or how quickly they are dealt with, it is not about recording how well your backups run and it is not about recording the results of penetration testing. It is about looking at how Leadership set objectives, evaluate them and justify subsequent decisions.

Yes, there is record keeping. Yes, there are processes and procedures that have to be followed. Yes, there is regular training on Information Management, Information Security and Data Protection. Yes, there are issues and risks to be dealt with. However, these are there to provide evidence to Leadership and the quality of work is more important than ticking boxes on the 114 controls across 14 groups.

Internal audits are the book scrutiny sessions and staff observations. External audits are the OFSTED visits. The Information Security Management System contains your Statement of Applicability (let’s call it your SEF), your policies and procedures, your record of decisions, your Objectives and Measures (5 year plan?).

It goes on. There are so many similarities and helps show School Leaders that Learning Possibilities understands the impact of OFSTED, not just because of the educational impact, but because we have our own version to go through. We also know all too well about it being about key decisions, not just weighing the pig!

External audits are done each year, and you recertify after 3 years. Out of the 3 possible outcomes only the top outcome, which is effectively a 100% adherence to the standard, gets you the certificate.

What does this mean for our customers? Well, the standard is a way of showing both the importance of Information Security to us as a company across all our work, and also that we put in the time and effort on it, ensuring that it is part of our core ways of working.

So, after a 13 month programme of work we are more than pleased to say that we passed our External Audits for this year and have now been issued with our certificate, after coming through with flying colours, the equivalent of Outstanding.

I say a 13 month programme of work … we have already started on the work for the next 3 years, including the work on the international update of ISO 9001:2008 to ISO 9001:2015, the standard for Quality Management. Another opportunity for us to hold ourselves open to inspection against the highest possible standards.

Categories
education eSafety IT Management Uncategorized web 2.0

Red Tape or Legal Backing

I know I’ve been a bit quiet recently. This is mainly down to workload (lots of meetings), a lot if DIY (converting part of the house/garage into a home office) and bouts of Man-Flu. However, I have been inspired a bit with a new group I have been involved in over on LinkedIn.

There is a new group, for those looking at the legal position on eSafety when it comes to areas such as monitoring, logging and accessing what children are doing with computers in schools. The group was formed by a Brian Bandey, Doctor of Law specialising in international IP, IT, Cloud, Internet and eSafety Law, and he started the ball rolling with the following breakdown. It is a part of a longer report which I think will make interesting reading.

The Legality of a School Technologically ‘reading’ a Pupil’s web activity

or

“Interception of Pupil Web-Browsing”

Introduction

The question being posed is, in a sense: “What are the law-based issues over Pupil Internet-Browsing Activities being captured by desktop monitoring services.” There’s a reasonably complex network of different Laws from different spheres active over this area and they don’t apply in equal measure to pupils vs. staff. However – although the action of the Law can be summarised, it needs to be understood that a considerable amount of detail is being lost.

Interception and Monitoring

The two main pieces of legislation in the UK with regard to interception of communications (which includes monitoring)are: The Regulation of Investigatory Powers Act 2000 (‘RIPA’) and The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (‘the Lawful Business Regulations’).

In essence RIPA provides that:

–           to intentionally and without lawful authority;

–           intercept a communication on a private system in the course of its transmission;

–        unless it is done or authorised by someone with the right of control e.g. the headmaster or his IT manager acting on his authority;

–           …. is a criminal offence.

Interception is defined widely in RIPA and includes making some or all of the contents of the communication available, to someone other than the sender or intended recipient. It is thought that transmission may also cover access to both read and unread messages e.g. on a academy/school central server.

How does the School have a Legal Right to Intercept?

An obvious route for the School is to secure good evidence of Parental Consent in the case of Pupils and Employees consent in the case of Staff. For ‘belt and braces’ – one needs to ensure that authority is given by the person (internally) who has “the right to control”.

So the Law is that Lawful authority is required to intercept:

–        If there is no lawful authority then consent of the sender and receiver of the communication is needed;

–        RIPA allows some limited interception by the controller of the system without the consent of the sender or the recipient;

–           RIPA sets out the conditions under which third parties such as the police may intercept.

–        The Lawful Business Regulations are the main source of lawful authority for the controller of the system to intercept and monitor. They permit the monitoring or keeping a record of communications for purposes such as standards, national security, prevention and detection of crime, investigating unauthorized use, and ensuring effective system operation.

–        The interception must also be relevant to the business of the system controller. (NB: This is the clinching argument for Educational Establishments – since there can be no argument that Interception and Monitoring of Pupils Web-Browsing is entirely relevant to the School’s activities)

–           Every effort must have been made to tell users that interception may take place.

–        Communication which has been intercepted and contains personal data is subject to the Data Protection Act 1998. (I’ll return to this subject)

Thus, it begins to become obvious that the Interception and Monitoring by Schools of Pupils (and Staff) Web-Browsing (and E-Mails for that matter) is perfectly lawful if carried out sensibly with reference to RIPA and the Lawful Business Regulations.

The Obligation to Monitor and Intercept

This is a serious and complex subject but I must touch on the School’s obligations to actively monitor Pupil-Pupil E-Communication (I talk of E-Communication since Pupils often shuttle communications through FaceBook or BeBo which aren’t e-mails per se).

The School must simply not ignore its Common Law Obligations (the Law of Negligence) and its Statutory Obligations (the Health and Safety Acts and the Education Act 2002) to keep Pupils Safe.

Educational Institutions have a duty to ensure the safety of their students and to protect them from any reasonably foreseeable harm. Liability arises for psychiatric conditions caused by repeated exposure to obscene or offensive material when using the institution’s IT facilities.

It is also now well-established that psychiatric conditions arise for the victims of Cyberbullying.

Finally, It is also now well-established that such psychiatric conditions which arise for the victims of Cyberbullying can lead to suicide.

Data Protection Law

This is a simple issue. Schools collect a very great deal of “Personal Data “ (a term defined under the Data Protection Act) on their Pupils. E-Mails can be Personal Data and the School simply needs to treat this data like any other – that is in accordance with the Data Protection Principles.

Human Rights and Privacy Law

The Law has always recognised that Students when at School or some other Educational Establishment have only limited rights to Privacy.

Consider:-

A Teacher sees John whispering to Jane in the Class. She moves forward (unnoticed) to overhear the conversation and overhears John’s whispered (bullying) threats.

Are we really saying here that John had his Right to Privacy under the UN Convention on the Rights of the Child (to which the UK is a signatory) and the Human Rights Act 1998
(Article 8 of the Human Rights Act 1998 is the Right to Respect for Privacy and Family Life) contravened?

The answer is a resounding “NO”. So it is with any pupil communication

It should be noted that in the famous case of Copland v. United Kingdom the Court considered that the collection and storage of personal information relating to the applicant through her use of the telephone, e-mail and internet interfered with her right to respect for her private life and correspondence. While the Court accepted that it might sometimes have been legitimate for an employer to monitor and control an employee’s use of telephone and internet – the need for informed consent was paramount.

But, as a matter of Law, Children cannot give informed consent.

So we return to the overarching need for the School seeking appropriate consents from parents.

Dr Brian Badey

www.drbandey.com

It really does cover so much, but it needs a bit more teasing out for me. When thinking about the barriers to adoption and acceptance of AUPs in schools it would be helpful to identify the areas which are covered under legal grounds for children, for introducing children into what they are likely to find or have to deal with as adults and which sections are there as moral/ethical agreements between the school, the children and the parents.

I’ll try and keep things up to date on here as interesting comments are made by various people. It is also worth pointing out the use of words such as Negligence, Law, Consent as these are specific to how these words are used within law (hence why they are capitalised), yet there are many times other with reference these words with using them solely with respect to the legal meaning, but as part of context from other Acts of Law, reports, government advisories, notices of Statutory Requirements and so on.

The group is gaining a broad range of members, but it could do with a few more specialists … perhaps an expert in Child Law, those involved in safeguarding investigations and those involved with unions (to work out the impact on staff, who are being monitored by the same systems).

(Edit – I’ve updated the post with the full statement from Brian).

Categories
education ict vision IT Management Uncategorized

The James Review … what does it really mean for tech in schools?

The report is quite comprehensive in the breakdown of problems, but has to summarise some of them and it means some of the detail is missed. It also uses some language which misses out on opportunities to pin things down. It suffers from vagueness …

Although ICT is mentioned in a number of areas, a common theme that is expressed is that all capital investment needs maintenance and to be refreshed when appropriate. This is expected to be done, in principal, via revenue budgets for smaller amounts and DFC for larger amounts to a certain level. This means that the school should be able to quantify, if asked, how much it expects to have to pay each year for maintenance or refresh of the ICT infrastructure and facilities. It is hard to pin down whether software or ‘changeable’ assets could be included in here … that could be a good discussion over a pint some time in the future. This is where we get vagueness though … when it talks about maintenance / refresh it does not explicitly mention ICT as part of that. Some groups will use this to argue that ICT should never be considered as capital at any time and others that this says that it should. Perhaps some clarification would be nice on this.

Here are a couple of key things for you though … (mainly centred around part 2, but in particular 4.23 to 4.29)

The report talks about how local choice around building design (and this also means IT infrastructure) has often been a hold up, has meant that value for money hasn’t been achieved, that what was requested to be delivered by the leading person (eg the head) could be wasted as that person could have moved on by the time it is delivered. This is no different to one Network Manager coming in, setting things up *their way* and then, when they leave, their replacement starts to do things *their preferred way* meaning the school goes through change again. I’m not limiting this to just tech though … you get the same when a new HoD comes on board, a new site supervisor, a new chef in a kitchen … but schools need to make sure they have a long term plan and stick to it where they can.

The report also recommends that RBCs still exist, that they are changed to a more ‘price book’ style service where you only pay for what you want / need, 10Mpbs for primary schools and 100Mbps for secondary schools, that there should be more use and development of the existing public sector networks to make use of the existing investment as a way of delivering lots of services (including things such as BDUK). It also suggests that being a small school does not mean you use less bandwidth. In fact you might use more as you make more use of online resources to support the lack of specialisms/expertise within the school, and making more use of hosted solutions / services.

The ICT Services Framework should play a large part in any procurement, as should other large scale purchasing arrangements. Putting it bluntly, this means that for every chunk of kit you buy then you must check it against the same costs from BuyingSolutions. The only way the system will work is if people make use of it, and if they find they don’t get the best price from BuyingSolutions then they feed that back.

Other recommendations can also be seen that there should be central advice and procurement, and when that comes to the ICT section of new / rebuilt / refurbished schools, this should be for infrastructure only. It does not say what it considers to be infrastructure though… that worries me.

So … Managed services should not be a pre-requisite of any new building scheme, that the choice of desktop / systems should be down to the school, that there should be a plan to maintain IT infrastructure / assets and refresh it. On the flip side, the ICT services framework (which includes managed services) should be a serious option for all schools when they are considering how to spend their capital investment and how to maintain it. There is nothing wrong with schools have the same basic setup and then fine-tuning … having one person defining a vision or system is a risk …

One thing is clear though, there is a push to have more of a centralised role from a body. that can be DoE, it could be PfS … but the DoE has now taken on board the remnants of Becta. It has the infrastructure team and the safeguarding team, amongst others. The thing we don’t have yet is how the DoE is going to deliver their chunk of the Govt’s IT Strategy. This report *will* contribute to that, I hope!

So, for me the report covers some key problems and makes suggestions about how to deal with them. It agrees with some aspects of the Department’s present strategy (eg Free Schools) but also pushes on that things like RBCs are a good thing, that local authority involvement is still needed, that capital needs to be followed with enough money to cover maintenance and that relying on one person for a vision is not a good thing because they could move on.

A few notes on this then … the Harnessing Technologies grant was removed because there had been enough capital investment. Can we now see the money for the maintenance please? It wasn’t included in any budgets given to schools this year, even with ring-fencing being removed. And if we are talking about having one person making the decisions … then should we really have a politician (and this covers *any* politician from *any* party!) doing the vision / decision making around education? What happens if they move to another part of the Government? Just saying …

Categories
ict vision IT Management Uncategorized

All Change

It is not often that a change in something really makes me sad but this week there has been a change to EduGeek.net.

It was wonderful to finally hear, last month, the announcement that Shaun (Zerohour) had become a full time partner in EduGeek and I know it will help Chris take EduGeek forward. Shaun has played a huge roll over the last few years to help make EduGeek what it is, from helping to make it a world class forum with all the right tools, through to being the translator of ideas into actions. $Deity knows he has had some strange ideas thrown at him.

However, it was a sad day too. A great friend has decided to step down from involvement in running EduGeek as he takes on a new job. Russell Dyas was one of the first people to step up to the plate and get things done shortly after EduGeek was created. Whether as a moderator, writing news articles, organising meetings with suppliers and vendors, changing what was a simple get together into the first EduGeek conference … all the way through to managing to secure EduGeek a regular spot at BETT, Russell has been a key person in making EduGeek what it is today.

Let’s take a step back and have a look at him though … Not long after EduGeek started he turned up, a veteran contributor and moderator on the RM forum, and started being helpful … nothing more than that really. Welcoming new members (we would joke about being sad enough to watch the membership roll grow each day, commenting about people we recognised from various places, often other mailing lists, forums or newsgroups), putting events onto the calendar, collating news items … you just couldn’t help but like the bloke. That was until he turned nasty …

A few of us thought it would be nice to get together one half-term (Oct 2005) … I offered my then school as a base … next thing we have a speaker … and then another … and eventually we have the first EduGeek.net Conference. From that day there was no getting out of the fact that when Russ pushes you, you eventually get things done.

EduGeek and ICT Register at BETT 2006

The following January Russ and I agreed to run a small survey on IT Support Staff whilst at BETT, and the kind folk at the ICT Register (who had already supported the first conference) let us hang around their stand. It was even better when Chris turned up to chat as well… and with inspiration from Drew Buddie & co with the ‘Help Us Get To BETT’ stand for Moodlers, Russ made it his goal to have an EduGeek presence. After much wheeling and dealing with EMAP Russ organised a prime spot in the National Hall Gallery … but the opportunity came up for a smaller slot in the Grand Hall, but downstairs, next to one of the cafés. An inspired man, he grabbed it as soon as he could and EduGeek have had the Technical Help Point there ever since. That’s not to say that the work was finished there … oh no! Someone had to organise sponsorship to cover the costs of electrics, insurance, furniture, IT kit … and then someone had to organise it all. Yeah … thanks Russ. I had a full head of hair in the photo from 2005 … by the time I retired in 2009 I was the baldy bloke we all know and, hopefully, love.

So, we have established that Russ is a person with ideas, can get people motivated to do things and is experienced at delegating things down to others. I think we should all worry on the day we receive a parcel with a return to sender address with Impero on it … if you get one, just make a cup of tea and wonder what Russ has gotten you involved in now.

So, a short salute to Russ Dyas … retiring from EduGeek on 31st March, but still around, giving advice, helping people out and creating work for others.

Categories
education ict vision Uncategorized

Purpos/ed

What is the purpose of education?

I would say my main thought on the purpose of education is that it should inspire the new, allow us to cherish the old, to help develop the understanding of the difference and the ability to make choices about the appropriateness of both. This will start from the choices your parents make for you as a child, helping you to make your own choices as you grow, but the key is understanding how to make choices, choices that affect you, people around you, how they affect society and the world at large.

Part of this is also learning to accept that some choices are not the end of the world. It used to be that you chose your trade (or it was chosen for you) and that was it … if you tried to resist or rebel, that was it … you were outcast. There was the goal of a job for life, a trade, a profession …

I was lucky enough to be on a bursary at my secondary school (what was a lovely independent school in Wirral) which would happily meet all the present criteria for a DoE sanctioned school. The structure and discipline did me very well but whilst being intelligent I was rarely engaged enough to put the effort in. This led me to loose focus on what I wanted on a number of occasions, resulting in poor decisions being made, not getting all the qualifications I should have or having the focus needed to complete university.

I did learn one very important skill, partly from family life and partly from school. Adaptability.

With the growing numbers of future jobs outside of the traditional realms of ‘jobs for life’, we already know that students will have had a number of different jobs by the time they at 35. As a sports coach, labourer, soldier, policeman, technician, network manager, school leader, LA advisor, project manager … I can’t shout it out loud enough … Adaptability is the key for both now & the future.

People who change jobs, trades or vocations are no longer just indecisive, but part of the flexible society, ready to change to meet their needs and to fill gaps.

This is what we need to continue to breed into education. The ability to choose and constructively make those choices, the ability to adapt and to learn how to focus on changing goals.

Categories
alternative technology IT Management Uncategorized

TeachMeet Midlands

I was unable to make Teachmeet Midlands due to the intervention of Real Life, but I do like to make sure that they are supported, have a good enough contribution from a wide range of people and so on …

As a result I have decided to do a number of short video clips (nothing on the scale or expertise of Kevin McLaughlin – @kvnmcl) and the first one was shown at TeachMeet Midlands.

I’ll be putting together a few more over the year, some will be from previous things I have spoken on (where I still have the presentations and recordings), but if there is anything people want to see please let me know. In the meantime … enjoy.

[vimeo 20808261 TeachMeet Midlands]

Categories
eSafety ict vision IT Management Uncategorized

Establishing an ‘SEP’ field is not always the best answer!

I’ve previously written about the importance of having some understanding about Project Management within a school. Generally this has been centred around change management and communication strategies, but a recent, local project has highlighted another area that needs to be looked at.

There are a number of national systems which have some interesting security requirements, and if you have ever had a look at the requirements for connecting to a GSi family connection then you will know what I mean. Thankfully, this is a rare occurrence in schools but it does mean most schools can get away with some shocking security breaches. When I started talking to some schools about Data Protection a few years ago it scared me how little understanding there is about security with some senior leaders. It also made me realise why so few councils give definitive guidance about data protection to schools.

The usual argument is that to have systems completely secured they would become unusable for teaching & learning … And I do agree with that. I’ve seen schools go over the top with restrictions enforced by network managers (who are only doing their job … and usually trying to stop the Head and/or SIRO being left open to legal challenge!) and it mean that T&L suffer as a result (but it does mean the Head is not given a massive fine or sent to jail …. Choices, choices!)

It all boils down to risk … and looking at how much a school wants to accept, how much is mitigate by choices and implementation of technology, how much is managed by policies and procedures and how much can be dealt with by common sense (the usual answer here is “very little”!)

In this article I will be looking at the risk in a school when accessing a secure government website such as the National eCAF website, but also trying to point out areas which also need covering for the internal use of an MIS.

Risk Management in schools is not something which gets covered in great detail, and to try and give a complete course on it here would be difficult. Suffice to say that risk is a combination of the impact of something going wrong and the probability of it happening.

This chart gives you an indication of how to look at risk.

With risk you can choose to look at it as a threat or an opportunity. In the case of the areas we are looking at it is generally a threat and you can deal with it in a number of ways (Risk Responses)

AVOID – stop the activity which introduces the risk

REDUCE – take action to reduce either the probability or the impact

FALLBACK – put in place actions with reduce the impact

TRANSFER – Put in place things which reduce the impact and often only the financial impact

SHARE – allow the risk to be spread across different people or groups

ACCEPT – know the risk is there, monitor it but accept that you will carry on as normal.

In the scenario of having a wireless network in a school that does not meet the required security criteria it means that the impact is that someone could access your network and introduce something nasty onto it which could compromise the computer being used to access the eCAF system. The impact to use of eCAF would be medium-high but the probability would vary from low (eg if the wireless network is only just below the security criteria such as using WPA) through to high (if you are using an open, unencrypted network which you have told the local community to use)

Looking at the risk responses above here are some examples of approaches schools might take.

AVOID – The school stops the risk completely by purchasing equipment that meets all the security criteria. The school might also choose to turn off the wireless network completely. Both of these response will be a problem for most schools … they are expensive or make learning nigh on impossible. Neither is likely to be a good response to be honest so common sense would say to look at other responses.

REDUCE – The school knows it should do something, but cannot buy new kit or turn it off. Instead they may try things like segregating the wireless network from other chunks of the school (VLANs perhaps) or try to do what it can to increase security (Put some encryption in place and not share details with the local community)

FALLBACK – The school can’t afford to do much now, but it does plan to buy new kit over the coming year … so there is a plan for what to do for the future and the school keeps an eye on the machines being used for eCAF in the meantime to make sure strange stuff isn’t going on.

TRANSFER – The school might decide that it gets security advice in from a firm and follows their advice,knowing that should it go wrong they have someone who is to be held accountable, or they take out insurance to deal with any fines they may incur should it go wrong.

SHARE – It would be lovely to say the risk could be shared with the council, but this is about if you are sharing your network with someone like a charity, etc … and so are prepared to accept it as a combined problem.

ACCEPT – The simplest and highest risk option … the school knows there is an issue, but is happy to take the position that they are not worried, will deal with it if something happens and they will just try to be vigilant.

For those who recognise the above, yes, I know it is a bit of over-simplification but I am hoping it gives enough of an idea to how to approach things with SLT in schools.

There are some good resources around about risk management (HSE can be helpful here) but the stance on risk will vary from school to school.

Most people will work from the position on giving advice on the position for least risk. I am not saying you will be breaking the law if you don’t follow the guidance and, if we use the above example, I am not saying that you need to buy a dedicated machine which has to be in a locked room where no-one else has the key. Those are idealistic positions … and roughly translate to advice on physical security such as “Don’t walk away from the machine whilst you are logged in and using eCAF … if you have to then lock the door on the way out. If you can’t do that then log off eCAF and the machine … or lock the desktop … or have someone else in the office who keeps an eye to make sure no-one else goes on the computer …” and so on, down the scale of risk responses. Most of this is also pertinent when using an MIS too.

I don’t think I could give you examples of each and every scenario as that would mean a bespoke risk management plan for each and every school. However, since most things are common sense then by sharing things with colleagues in, or supporting, other schools you should be able to spot similar issues.

All of the above is looking at security risks … but it applies to any project. Are you swapping your VLE provider? Are you doing a major upgrade of the Office Suite in the school? Are you moving more towards Open Source options? Every project has risks. Some are threats, some are opportunities … but you cannot plan properly until you have started to look at them.

Categories
ict vision IT Management Uncategorized

The Ignorant Bliss Of The Idealist

It seems a bit strange to say this, but I may have said some stuff that was wrong. Yes … me … saying I could have been wrong. Then again I could have been perfectly right and this is just a cunning plan to make people feel sorry for me and make them pay attention to what I have written.

On Wednesday 2nd February 2011 a thread started on EduGeek.net around the fact that one of the respected regulars was happy to report that after some time they had been allowed to set up SIMS on staff laptops and then also allowed to remove full admin rights from Staff and lock them down. As a result they couldn’t install software, only change their background and add icons to their desktop.

Over the years this has been a continual battle for some members … to be able to take control and run their systems the way they should be run, with decent security, forcing staff to make use of the support team so that they can plan, stop viruses entering the network, and so on … I’ve been there myself and supported many others in similar positions. The problems that centre on Data Protection, security of files and data, prevention of network intrusion by non-school devices are real world problems …

But … and there is a big but … the simple fact was that I have a problem with people wanting to lock things down without due consideration for how it will affect the technology to be used for learning. I know that it might seem a bit strange for me to take this stance, but it is one born out of frustration.

My first point was that when software gets installed there is not time to test every single function, and quite often the first person to find these faults are teachers when planning lessons. By applying restrictions this can be made worse … from experience of macros in access and excel, templates in CAD/CAM software, preferences in Open Office, the ability to run embedded flash files. Now, you could argue that this is a good thing as they are likely to find the same flaws the students would do when they try the same activities during lessons, but that isn’t why it happens in most places. In fact, having talked about this with some people over the years this has even been put forward as an excuse to use to be able to force staff to accept lockdowns. Not in many places … but enough for me to worry about it.

The next worry raised was about license compliance. After all, if you give people the rights to install software then how will you know what is installed? How do you know they will not put on ‘dodgy’ software, possibly downloaded from interesting sites on the internet, possibly borrowed from a friend what they think is legitimate software they have purchased from the market but is, in reality, as black market as the movies we all get warned about in those wonderful “you wouldn’t steal a car” trailers we get on DVDs. They might even remove software the support team has spent ages getting set up. Turn off the automated software updates and the anti-virus. The risks are endless.

But these are adults we are talking about. Grown people who are capable of following instructions if they are explained to them. And so we hit the next barrier. The argument that SLT do not back up the support team when they explain to staff how stupid they are when they do any of the above. It goes into a downwards spiral of either blaming staff who follow this route or SLT with no backbone ….the only escape is to take control themselves … or convince others to allow them to do so.

Here is a key point. Read it carefully. If this is you, and you are doing it because you don’t having backing from SLT or you have far too much bitter experience of stupid staff … then you are only masking over the symptom. You are not fixing the problem.

Those of us who want to treat staff as knowledgeable users and ensure that SLT understand and accept the risks and benefits of technology feel your pain, we do, … you are not on your own. It happens in all aspects of a school. Go speak to your Bursar / Business Manager about why most staff are not allowed to do anything other than order items through them. Ask about why some departments get monthly financial reports, or even weekly at some points in the year. Ask pastoral staff about why they always have to deal with parents complaining about their child being sent out in a particular lesson but they are fine in others, by taking extreme control you ensure that the job is done.

But is it?
Who is it that thinks about how the kit and software will be used?
Most Support staff will shy away from giving educational advice to teachers. I know what the reaction would be from most teachers when a member of support or admin staff comes up to them and talks about T&L. Thankfully this is changing, but it is a two-way thing.

So, am I an idealist who thinks that Network Managers are being horrible to teachers or am I just trying to stop people ignoring the main problems?

I don’t think it is such a surprise that most people who reacted are from a secondary base. Talking to staff in primary schools or those who support primary schools there seems to be more trust, more freedom, both to make mistakes and to gain a lot more knowledge about how to use IT.

But … I know most people are not saying that I am wrong … just that in the real world it doesn’t work the way I think. I think it does and even if it doesn’t for you, then perhaps that this should be part of your targets … to look at how you can give staff more freedom and responsibility without creating too much work or putting IT systems at risk.

As a result I am setting myself a task to speak with as many people who do give more freedom to staff and find out about the journey how to get there. I will try to coach it in such a way that it will help SLT, IT Support and teachers speak a common language and try to develop an agreed goal. I am not saying there is any magic button that can be pressed … the Strategic Leadership of ICT course is sorely missed as a tool helping the process of change, often a long and sometimes stressful time, needing support, understanding and compromise on all sides.

Failing that it will also include a few hints and tricks about how you can work from the inside to make changes.

Categories
adventure alternative technology ict vision IT Management Uncategorized

I’m sure I had some budget left?

Let’s face it … we have all had this thought in our heads at some point in the school year. We may have even said it out loud in front of the Bursar / Business Manager as we try to sneak an order in for something. We may be at the point of having to work out what we can’t do until the next financial year and hoping that we can at least do a little bit of what is needed, or buy essentials.

Well, I hate to break it to you but it is not going to get any easier. Whilst the CSR might have been reasonable to schools, you will find that the extra money will not come the way of any form of technology (I am not going to get into the political debate about whether there is actually an extra money. There will be for some and not for others … presume the worst, hope for the best!) This means that all those posts you might have read from Ray Fleming and Miles Berry are more relevant than ever.

If you haven’t read them then go and do so … don’t stop to read this drivel … read and read!!!

Oh … you are back … good show!

Where was I. Oh yes, budgets. All those out there who have a long term school development plan which take care of development of technology in the curriculum, how to fund it and when to change it please pass go and collect £200 … oh yes … there goes Paul Haigh and Mike Herrity … and a few more. Good to see you again chaps. And not forgetting Elaine Brent … actually … quite a steady stream of people going past now …

Ok, and let us see who is left. Ah … as I thought … still too many of you.

Let us see what we can do to deal with some of the problems. Have you looked at the LGfL/Becta Budget Planner? I know that it is a bit old, but still perfectly serviceable. You may have to use a bit of lateral thinking for virtualised servers and it doesn’t quite cover cloud services (not all of which are free) but it is a good starting point, and it will be a huge improvement on having nothing to help in planning your costs. There may even be someone who fancies putting this into a series of Google forms to help people in their planning, or it could be incorporated into your Sharepoint setup …

This is presuming that you know what kit you have got. I’m not going to start a rant again about inventories, configuration management databases, definitive software library … most people will have read my earlier posts about how important this is, how they are important to supporting FITS and how IT Support can struggle without them. There are plenty of good discussions on software to gather most of this for you, whether it is open sources (GPLi / OCS NG, etc) or built in with other tools (SSCM, NetSupport DNA, etc) and there are others out there with far more hands-on experience to review the software … so I will let you make up your own mind. Just remember that you cannot plan what you are going to use technology for, or look at what technology you need unsless you know where you are starting from.

And then we hit the big snag … not a small one … or even a middle sized one … but a dirty great big one that means you could have to delve into your god-like powers again. Surely you have heard the motto of the IT Manager who has stuff dropped on them days (or hours … or even minutes) before it is needed.

Miracles I can do today … for the impossible please give 24 hours notice … and some pizza … and coke … and chocolate … and a bit of time off afterwards … and did I mention the chocolate?

Yes, the White Paper means the goal posts are shifting once more. Some of you will be in schools who are not that bothered. You may have SLT who are strong enough to recognise that the goal posts always shift and so you adapt or just create your own … sticking two fingers up to the world of politicians and they know what they do is good for the kids. For others … you might find that the targets of the last few years (or perhaps the last few months) are now out the window.

The first thing I would recommend you do is to take stock of what you have (darn it … I’m talking about the inventory again) but not just the physical aspect … but the functionality too. What software have you got? Office suite? Stuff for graphics and art? CAD/CAM? Programming? Numeracy? Go on .. delve down into that long forgotten cupboard of old software and check the licences on them?

Now, your mission, should you choose to accept it, is to try and find out what the educational need is for the school. Are the school going to change any of the courses they run? Perhaps drop Media or Music Technology (well … you didn’t need those Macs you were planning to buy, did you?) and concentrate on English and traditional music courses (let’s all get classical).

Well … some English courses are now very media laden, so check out about cross-over of kit. Did you know that those Macs you did buy for the fancy sampling also have tutorials for playing the piano? Why not look at things like GigaJam to make the use of them for teaching the local community to teach themselves keyboards, etc …

You get the idea … if you have a tool to do 1 thing then try to find 3 other things to do with it.

Projectors and IWBs … now I know IWBs have been round for ages but by teaching staff how to use it to save annotations from what they have been doing during that lesson (save as PDF, upload onto your VLE) then you can get revision materials created without having to get a heap of handouts printed out before the exam at the end of the unit / course … another cost saving there …

I think you get the picture now.

Find out what you have got.

Find out how it can be used.

Find out what changes the school plans to make.

Talk with people about making the most use of the kit.

Talk with SLT about buying stuff that will have the most impact for least money.

Be prepared for change … change is inevitable.

Categories
Conferences / shows ict vision IT Management Uncategorized

Important changes to Microsoft Licences

There have been many folk who have had many a rant about the cost of licences from the various companies out there … whether it is the cost … whether it is the arguments about the suitability of proprietary software (even if it does work and work well too!) … or the complexity about the various options that are out there.

And many of us would agree because *we* are the people who have done that rant … and occasionally there is light at the end of the tunnel.

Over the last few weeks I’ve had a few interesting conversations with a number of resellers and it was brilliant to to see the news finally come out on Ray Fleming’s blog earlier about changes to Schools Agreement licences.

Full details will be out around BETT 2011 but here is a short extract from Ray’s blog with some important things for you to look at now.

What do you do now?

Firstly, let me remind you that this is advance warning of a change coming on the 1st March 2011. So you can’t get this new agreement now. But here’s some advice on what you can do now:

  • If you are going to renew a School Agreement between now and the 1st March, ask your Microsoft partner whether you’d be best to get a short-term extension for your School Agreement. This would give you 3 months of cover, to take you through until you can switch to EES. Your Microsoft Partner will be able to advise you if this is likely to save you money.
  • If you’re planning to buy any Microsoft software in the next year, then consider coming along to our BETT stand in January, and having a chat with us about your best option. If your Head Teacher is reluctant to sign off a day out of school, then point out how much you might save with the new way of counting (staff, not computers).
  • If you’re not buying your software under a School Agreement subscription already, then take a look at this, and have a chat with other schools locally that are. Although the new EES scheme isn’t the same, you’ll get a good idea of the benefits of subscriptions over other methods, and that will help you to make the right informed choice for next year.

So … go and have a read of the details …

Now, I know many people are against subscriptions … and I have been there too. The idea of buying a perpetual licence sounds good to us all, especially if you don’t upgrade with every new version of the OS or Office Suite when it comes out, so we would all be forgiven for getting frustrated with the cost of upgrades (especially when you don’t get all the features with standard upgrade packages and need to cough up a bit more cash) against an annual cost. However, the new scheme actually comes out pretty good on the prices when you look at the cost of when you upgrade versions of your OS and various software packages … for most secondaries you would find that it wasn’t worth the cost to go to an annual model unless you had some major software replacement needs … but now … it is looking pretty good.

The full figures should be out in Jan (the scheme goes live for schools in March … and is live now for FE/HE) but if you are looking at buying under Select licences (especially if you are using software assurance) then make plans to look at ESS instead.

Your reseller should be talking to you about the changes shortly, but if they don’t then tell them you want more information. If you are already on the Schools Agreement then make sure that you only sign up for an extension and not for a full year. You need to make sure you get your extension in *before* your SA deal runs out. Make sure your reseller gets the forms to you sharpish.

So … there you have it … a major change in the approach to licences from Microsoft … so, they obviously have listened. There will still be those that want it for free, and those who say you shouldn’t use those products anyway … but a reality check here … people are using MS products and will continue to for some time so you need to keep an eye on this.

Will it ever be free? Who knows? All I know is that this is a chance for a lot of my local schools to save considerable amounts of money as well as getting more benefits too.