Month: September 2021

Devices for all students

I recently read with interest the plan for the Scottish government to issue “devices for 700,000 children”.   My first reaction was a positive one in the potential impact this could have on learning for the children concerned.   Taken as a simple headline, issuing a device to every pupil in Scotland seems like a good thing.    I suppose that’s part of the reason it works as a headline as it conveys a simple positive message, although as with most headlines it fails to encapsulate the complexity.   But then I started think a little more deeply and this raised concerns.

Infrastructure (in schools)

The article mentioned they would be “considering how to deliver consistent digital infrastructure” across schools.   This was my first concern.    Students might all have devices, but they wouldn’t necessarily have access to reliable infrastructure in schools to allow them to access online resources and services.   They also wouldn’t have access to allow them to keep the devices up to date with operating systems and other updates.     The article mentioned “an internet connection” where required, however without an internet connection I would see devices as limited and potentially a security risk. So limited use in the short term, and a sustainability issue in medium term.

Infrastructure (at home)

Even if school infrastructure is eventually supplied, devices will spend a significant amount of time at home and therefore ideally we would want students to be able to access resources and services while there.   This would also be critical in any situation where online learning is required, such as snow days or pandemics.    The challenge here is that not all students are likely to have internet access at home. Provision of internet at home didnt appear to be mentioned

IT Support

700,000 additional devices in Scottish schools;   This makes me wonder what additional resourcing will be put in place within IT teams to support all of these devices and the increased usage which school infrastructure and technology solutions will see should this project be successful.   It is also worth noting, as with the beginning of any new academic year, the introductory period will be the busiest, so if this project is to be successful there will likely be a massive need for IT support immediately following any rollout.

Pedagogy and confidence

Probably one of my biggest concerns is that this project feels like it may focus too much on devices and not enough on the support and training in relation to how devices and the apps they allow access to might be successfully used in teaching and learning.   We have already seen examples of a focus on devices without the training and support, and the resultant lack of impact when compared with cost;  The Interactive whiteboard is but one example.

Sustainability

There is also the issue of sustainability and the long term.   I experienced this years ago with the laptops for teachers scheme.  It is great for the government to fund or supply devices now, however will they commit to continuing the funding or supply of devices in the future, when the devices become worn or obsolete.    Assuming they will likely look at tablet or laptop devices, I would suggest this will be in around 3 or 4 years of use before needing replacement, although it might be possible to push this out to 5 years. After this additional funding will then be required to mount a renewal/replacement scheme.

A single solution

I am also concerned that this centrally driven approach will likely result in all schools getting the same device, albeit with some variation based on the ages of students catered to within the school.   This fails to take into account the local context of individual schools, staff interest, experience and skills, students viewpoints and preferences, parents, etc.   I increasingly believe the wider you try to deploy a singular solution the more likely it will be unsuccessful due to increasing variance in the context and people, students, staff and parents, involved. I think looking for solutions at a local level is more likely to work over trying to apply a single consistent solution.

Conclusion

It is important to acknowledge this is a good attempt at enabling technology in schools.   It needs to be lauded as such as at least there is clear evidence of an attempt being made by the Scottish government.   The same cant be said for other countries or regions. My concern is it seems to fall into the common trap of focussing on devices without considering the other factors which are needed for a successful educational technology project.    That said, I very much hope I am wrong.

IT Services and Admin

Sometimes the borders of responsibility to IT systems are a little blurred.   Take for example a complex HR and payroll system.   The IT team might know the technical requirements and how to get the software up and running.   They might know what integrations with other systems exist, including integration possibly with the schools Management Information System and with Active Directory for example.    But will they know how to solve a problem with an HR workflow which has been setup within the HR system?

This is where the lines blur.   As the HR and payroll system is an IT system, sometimes it is assumed that IT support teams will know the user interface and how it works.    Sadly, this is seldom the case and given the number of systems which a school might have, is it any wonder that IT teams can’t be expected to know how each system works and the user interface for each system.

Let’s just consider some of the systems a school might have:

Management Information, Payroll, Asset Management, Safeguarding, Trip Management, Room Booking, Parent Evening Booking, School Website, Parent payment gateway, Parent Communication Platform, Human Resources solution, Visitor Management, Cloud based productivity suite (e.g. Office 365), Timetabling solution….. and that doesn’t include the IT specific platforms and several other solutions which may be used in schools.

For me the key in deciding IT involvement relates to the need, or not, for domain specific knowledge.    The payroll systems for example will likely need some accounting and payroll understanding along with understanding of school payroll related processes.    It needs knowledge from the payroll domain, knowledge IT teams won’t necessarily have.   As such administration of this system should sit within Finance or Payroll, where the required domain knowledge exists.

Personally, I do however think there is a place for IT support teams to have some skill, experience and the ability to provide training in the schools’ core productivity solution, such as Office 365, including understanding how it can be used by teachers.  Productivity suites tend to be flexible for applications in different domains, however in their use within teaching and learning, this clearly would suggest need for knowledge from within the teaching domain.    For me though, as teaching and learning is the key aim of a school, there is therefore significant value in IT teams being able to support this aim.    

I think as we use more and more IT systems, the lines between what IT support or services teams can do in relation to IT systems and what they cannot continue to blur.   Also, as the IT systems we use in every day life become more and more user friendly I also think this increases the perception that trained IT staff can troubleshoot and support all IT systems, hiding the fact that role or process specific systems continue to be specialist and required specific domain knowledge.

If I was to sum up, lets use a medical analogy:  IT Support teams are like your GP.   We keep things generally running, are good for your general queries, but when it comes to brain surgery, or the payroll system, am not sure I would want them carrying out the operation. Equally am not sure a brain surgeon, or someone for payroll, would make a GP……. or an IT Technician.

IT Services: Week 1 of the new academic year

The first week of a new academic year is probably one of the busiest periods of the year for IT teams in schools and colleges across the UK and also the world.  Here we have seen a 10% increase in calls logged, when compared with last year and that excludes countless walk-ins and telephone calls where the resolution was quick and therefore never logged.   Comparing last week with the previous year average, last week is around twice the volume.    So why is it so busy?

Returning staff and students

The first week sees all your returning staff and students once again logging on and accessing school systems.   One of the challenges though is that it may have been 2 months ago or more that they last logged in.    This means there is always several forgotten passwords or queries about how to use a particular system or find a particular report.   For some reason printers and copiers in particular make frequent appearance on IT call logs at the start of term.

The need for Multi-Factor Authentication (MFA) also throws some challenges in here, where staff have bought new phones, and where their old phone was setup for MFA.    This then requires support is provided to setup MFA on their new device.

System Changes

Although teaching staff may be on holiday over summer, a lot of the IT upgrade work occurs during this period.   This means that teaching staff may come back to slightly changes in the IT setup and processes.    You can never underestimate the impact even the slightest change will have on some users.    As such, the likely system changes conducted during summer contribute to a busy first week as staff need to adjust and build new habits.

And it isnt only schools which make changes; Some EdTech vendors will also take the opportunity to upgrade or update their platforms.  Again, this will cause some users difficulties leading to a “quick” call to IT.   Occasionally this can cause big issues where changes don’t go according to a vendors plan, resulting in service disruption.    Sadly, this is largely out of IT Services control however that won’t stop users directing their frustrations and annoyance towards the IT team.

New students and staff

I have already mentioned the challenge of returning users having forgotten how things work or how to do things, but then there are the new staff and students for whom the school’s setup, systems and processes are totally new.    Despite whatever training or support they have been provided, they are likely to need support; During their opening weeks they will likely need to learn so many new things, from school processes, staff names, their way around site, etc, and as such it won’t all stick, and where its an IT issue that doesn’t stick, it’s a likely call to the IT services or support team.

Last Minutes changes

We always hope things have been planned in advance, but each new academic year brings with it plans or ideas which were only agreed or decided upon recently just before the year begins, thereby requiring last minute actions.    This is often very frustrating, as despite some of these ideas and initiatives having value, the worst time from an IT point of view to make changes or try to implement new things in a hurry is the start of the new academic year when you are already under pressure. 

Conclusion

The start of the new academic year is always going to be busy.   I am not sure there is much we can do about this as most of the factors listed above are unavoidable.    I think the best we can do is to look to those areas which are avoidable and seek to do just that and avoid them.   We also need to carefully find ways to mitigate issues through providing JIT (Just-In-Time) training resources and directing users to these.   If you can empower users to solve their own issues as much as possible IT teams can then focus on the issues which need their support and where users cannot resolve themselves. Developing ways that teaching and support staff can share ideas, difficulties, etc, among themselves can be an important solution here.   We have an EdTech Mutual support team for example where staff can share questions or issues, with other staff then able to provide the solutions, workarounds, etc.   I will note this is also a good resource for IT teams as it gives insight into the issues and on occasions gives us solutions which we hadnt considered.    The need for prioritisation is also important, to focus on the jobs which have the biggest impact.  This requires users be understanding to the limited resources IT teams, no matter how big they are, will have.    

In conclusion, if I was to end with just one message it would be, be kind and considerate to your IT services and support teams at the start of the new academic year.    This is a very very busy time for them, much as it is for most school or college staff, however they may have also been busy throughout the summer.  

Well done to the IT people in schools and colleges around the world;  By the time you read this most of you will have survived the first week (and maybe the second) of yet another academic year!   Keep up the great work!

Create a PowerAutomate based on a Shared Form

Only recently found out how to do this however it makes a significant difference allowing me to now create PowerAutomate (previously Flow) automations but based on a Form created by someone else but shared with me.

To do this you need to first identify the FormID for the form.   To do this, just look at the sharing link for the form.  This is the link which someone looking to complete the form would fill out, not the link which may have been shared with you to edit the form.

The FormID is the characters following the ID= part of the URL, the section redacted below:

Now in Power Automate, create a new flow with a Form submission as a trigger.

Using the FormID combo list, you will see all of your forms but not those shared with you.   As such select the option at the bottom for Enter Custom Value.

Now paste the FormID characters from earlier into the FormID box.

You can now build the rest of your PowerAutomate as required, based on the responses to the Form which has been shared with you.

Eggs in one Microsoft/Google basket?

At the start of the week an issue arose which appeared to impact on a number of schools, in relation to syncing of OneNote on iPads or where using the Win 10 OneNote app.    This got me to thinking, should we be concerned where we are increasingly having all our technology eggs in one basket, being either the Microsoft Office 365 or Google Workspace for Education baskets.

Benefits

First, I think it’s important to acknowledge the benefits of having your eggs in one basket.    Taking Office 365, which is the solution my school uses, one of the key benefits is integration.    Each of the apps integrates well with the others, be this using Outlook to setup Teams meetings or setting up a Microsoft Form based quiz, as an assignment in Teams.   As each of the apps are part of the same wider platform, they generally play well together.   As soon as you start to look at number of different apps from different vendors, integration and interoperability very quickly become problems.

User interface is another significant benefit.   Each of the Office 365 apps, as part of the wider platform, has a reasonably common user interface.    This makes it that bit easier for users, both staff and students, to gain familiarity and confidence in using each app and the overall platform.   Again, as soon as we look to different vendors, we find ourselves with different user interfaces across different apps, and therefore an increased learning curve for staff and students.

Security is also worth remembering.   As a single unified platform, I consider it easier, but not necessarily easy, to secure Office 365 versus similarly securing a number of platforms from different vendors, with integrations and potentially third party integrators involved.

Drawbacks

The key draw back is the single point of failure.   When it doesn’t work the impact is huge.   Now in the recent case it was only OneNote which experienced an issue so staff and students could still make use of Teams, OneDrive, email, etc.   This is a lesser issue.   Had the issue related to the Office 365 platform as a whole then all apps within the platform would therefore be affected.    Thankfully, given the size of Microsoft, they have backups and resiliencies in place to reduce the likelihood of such an issue, however statistically over a longitudinal period the likelihood of such an incident eventually reaches 100%.    I would however suggest the exact same is the case where using multiple vendors to supply your solutions, however given the complexity of different systems and the resultant integrations required I would suggest the time period in this case before probability reaches 100% is much less, therefore representing a more significant risk.

It is also worth noting that where we are referring to SaaS (Software as a Service) there is also a risk that the vendor might choose to change the service such that it no longer meets our needs or may even discontinue the service.   In both these cases we find ourselves in the difficult situation of needing to find an alternative and needing to migrate potentially massive amounts of data. With Google and Microsofts productivity suites I would say the risk here is minor, however the possibility that an individual app within the wider platform may change or be discontinued is a more likely occurrence.

Conclusion

I don’t believe there is a perfect solution.   If you wanted to protect against a single point of failure, and having all your eggs in one basket, you would use more than one system, possibly using Microsoft as primary with Google as a secondary solution.    The issue here is that of resources and that of users.    Managing two platforms, keeping one ready to use if needed, and ensuring staff are ready to use the alternative platform will take at least twice as much in the way of IT support resources.   I would also suggest it is highly unlikely you could train users up to be able to be capable across two platforms. I think even trying to do this would impact on users confidence across both platforms. And this is without mentioning potential cost and financial implications.

Alternatively using different vendors for your video calls, emails, collaboration, etc and splitting up the functionality of your solutions is equally unlikely to work due to usability but also due to complexity and resultant fragility of combined systems, with each vendor focussed on their platform and not on others, or on the integrations you may have between platforms.

In Microsoft we trust

This brings me back to an acceptance that the benefits of having all my eggs in one basket, a Microsoft basket in this case, provides more benefits than risks.    It offers easier management, usability and security.

That said, it doesn’t hurt to have a little bit of insurance and to have the basics of Google in place just in case;  Yes it may not be ready to go, so may take some time to setup, but at least having it around means it is there should the worst ever happen.

UK GDPR: Showing compliance

One of the few things which I felt was different between the old Data Protection Act 1998 and GDPR when it was introduced, was the need to be able to evidence compliance as part of the compliance process.   So, to be compliant you have to be able to provide evidence of compliance. 

So how to show compliance?

As we start a new academic year, I think it is therefore important to give some consideration as to how you can provide compliance with UK GDPR so I thought I would list some of the key evidence you should have.   

Data Record Summaries

One of the key things about GDPR and personal data is knowing where the person data is stored and/or processes so one of the key methods of showing compliance is to have records of which data is where, along with appropriate classification of the data, who has access to it, its purpose and how it is processed.  Now I know from personal experience this can be a very arduous job, however it is important to understand it can be carried out at different levels of details, from full details down to the individual data fields, which is likely to be too details and time-consuming, to higher-level records focussing more on record types.   It is therefore important to decide what level of detail how need.   It may be acceptable to have a high-level central record which individual departments then may keep more detailed records at a more local, department level.

Retention periods

We also need to be able to show we have considered our retention period of different record types.   Now the Department for Education provide minimum retention periods for some record types however for others’ schools will need to make this decision for themselves.    As such the evidence of compliance is then the retention policy or process plus the fact the current data stored matches this.

Policies

We can also evidence our compliance by having the appropriate policies in place, although really, it is less the policies that matter, and more that the school follows and complies with their own policies.  So, this can include a privacy policy, data protection policy, acceptable usage policy, data retention policy and information security policy.    I think, also there needs to be evidence in the form of policies or documented processes in relation to incident management and in relation to managing subject access requests or other data issues.

Is Data Protection and GDPR discussed

This to me is the most important evidence.   We can create our policies and other documents as a one-off task however data protection and compliance with UK GDPR is an ongoing process, as processes and systems change, as additional data is gathered, as the operating environment changes, etc.    As such one of the key pieces of evidence is that data protection is often discussed.   This can easily be seen in minutes of meetings, briefing documents, emails, incident and near miss logs, etc.    Simply asking random staff some basic data protection questions, such as who they would report a suspected breach to, or what to look out for in phishing emails, will help you easily identify is data protection is taken seriously and therefore, how likely that UK GDPR is complied with.

Conclusion

The above is not meant to be exhaustive detail as the reality of UK GDPR is that your approach should be appropriate for your organisation and for the data you store and process, and the methods you use to process such data.    As such I suspect no two schools will ever be the same, although they will certainly have many similarities.

If I was to make one suggestion it would be to ensure that you can show that data protection is part of the normal day to day processes.   There should be evidence of its general and regular discussion as if this is the case, if it is regularly raised and discussed, it is likely you are already well on your way to compliance.