Author: Gary Henderson

Gary Henderson is currently the Director of IT in an Independent school in the UK.Prior to this he worked as the Head of Learning Technologies working with public and private schools across the Middle East.This includes leading the planning and development of IT within a number of new schools opening in the UAE.As a trained teacher with over 15 years working in education his experience includes UK state secondary schools, further education and higher education, as well as experience of various international schools teaching various curricula. This has led him to present at a number of educational conferences in the UK and Middle East.

Online Safety Bill

So, the online safety bill is once again back under consideration and already looking like its getting softer.    The proposed dropping of the “legal but harmful” clause being another example of a focus on individual privacy winning out over monitoring and filtering in the interests of public, and child, safety.  

Now I understand the challenge here of balancing individual privacy and public good.   Individual privacy is enshrined in the principles of basic human rights, yet we want our governments, intelligence services, police and even schools to be able to monitor and filter content to keep people safe and to proactively identify potential threats to the lives and wellbeing of those under their care.    These are opposing points on a continuum and each step made positively in one direction is usually at the expense of the other position.   More privacy means less ability to monitor/filter in the interests of public good.    More filtering/monitoring means less privacy and the risk of data being mis-used or leaked.

To me it is clear that there is a definite tendency towards individual privacy winning out in this argument.  Apple quietly dropping its plan to monitoring iCloud accounts for Child Sexual Abuse Material (CSAM) and now the UK government looking to remove the “legal but harmful” clause being two good examples of how privacy is winning.    I doubt this will change, at least for now, and especially as more and more organisations are seeing fines and reported issues as to how they are managing the data of individuals.   So, what is the solution in particular in relation to schools where online safety is such a key and important topic and issue?

I think the key here is in establishing very clearly the need for social media vendors to look after children using their platforms.    Maybe the “legal and harmful” clause is inappropriate when applied across the general population but surely we must be able to agree we need to protect our children and therefore identify some of the materials which might be legal yet harmful to them.   And it isnt just the content that is the issue, but the medium and the algorithms feeding the content.   Is it right to categorise a child, where children are more impressionable, and then field them a specific type of content constantly, based on trying to keep them hooked on an app?   Might this not shape their world view such that they see things as rather binary rather than the more nuanced and complex nature of the real world and real life?    Is it right to feed children almost constant streams of content, including potentially harmful content, or provide contact with unknown individuals?   We need to make the vendors consider the medium they providing along with their algorithms and the potential impact they have rather than just pointing to the content as the issue which needs dealt with.

I will admit I saw problems with the Online Safety Bill from the outset, and even more so given it was first proposed as a draft in May 2021, over 18 months ago;   In the technology world 18 months is a long time and a lot can happen so this highlights how legislation will always be playing catch up.    My original concerns, I will admit, were more on the technical side of things.   Privacy points towards end to end encryption and other security solutions which then hamper monitoring and filtering, plus there is the challenge that social media vendors cross geographic jurisdictions, where different governments may have different motives and ethical standards for the monitoring they may require or request.    Also any weakening of security and privacy may in turn increase the likelihood of cyber criminals gaining access to data. So my concerns were that, although the bill might be well meaning, it would be difficult or impossible to effectively implement.

That said, something needs to be in place and I think this is the point we have now got to, that we need to accept something imperfect as a starting point and then hopefully build from there.    I will also admit that the responsibility for online safety doesn’t just belong to the centralised provider of social media and other services, or to the centralised government of the nation within which a user resides.  When we talk of online safety and children, parents and guardians also have their part to play, as do school pastoral teams, form group tutors and teachers, friends and other members of a child’s wider social and family circle.   And maybe this focus on the online safety bill for a single answer may actually be having a negative impact in taking our eye of the need for a wider and collective effort to keep children safe.

I suspect the solution at this point is to get the online safety bill into law.  Its better than nothing and can add to the wider efforts required, and hopefully be seen as a step in the right direction rather than an endpoint.

Big Tech and balance?

Within the technology space there are now a small number of hugely powerful players.   These players, including Microsoft, Google, Amazon, Meta (previously Facebook) and Apple, are now so dominant that their impact is felt beyond the technology space.   With this comes some advantages, but as I have often written, we live in a world of balances, and therefore there are also some potential risks or drawbacks.

Writing this blog piece came as a result of reading an article in relation to Sony and the PlayStation brand, a large and powerful player within the gaming space, where they are being sued in relation to breaching anti-competition laws, using their powerful position to apply pressure to games developers and publishers which then drive up game prices and therefore profits.  You can read the article here.    We have previously seen similar lawsuits levelled against both Google and Amazon in relation to their shopping platforms either favouring suppliers or brands based on their relationship with Google/Amazon or favouring their own brand products in the case of Amazon.    In the case of Google/Amazon the concern relates to their power resulting from providing the search functionality for users while also either providing products themselves or providing advertising services to brands/suppliers.  

And this isn’t the only risk in relation to these big players.    In the case of Microsoft, Google, Amazon and Apple, they store our data for us in the case of Google Drive, OneDrive or iCloud.    Where this is free storage, this is convenient for us, but if we aren’t paying for the service how are the ongoing costs being covered?Recently France suggested that schools not use the free services of Google or Microsoft for this reason.

It may be that in using their services for search or for purchasing items or for music, etc, they gather data about us.   So as the large players, that most of us will have regular interactions with, they will be gathering huge amounts of data about us which they then can use to profile and predict our behaviours.    Now we might accept that they do this for good reasons such as improving their services, etc, however if we believe that some of their corporate practices have been questioned it may also be reasonable to consider that they could seek to misuse this data.    And in the case of those services supported by advertising revenue it would be easy to see how they might use the data to influence our decision making and that’s before you consider the possibility of these services, themselves, suffering a data breach resulting in all this data being leaked onto the public internet.

There is also the issue of truth;  In the case of Google and Facebook, which allow users to access the news and other current affairs information, they control the information they present to users.   How do we know that they are presenting the “right” information?    (I note that establishing what is “right” or “the truth” is a problem in itself, however is outside the scope of this short post)   How confident are we that the information being presented to us is absent of bias?   Do the algorithms present sufficiently broad viewpoints or just present a singular viewpoint, that which the algorithm thinks we want to hear? In trying to keep us engaged with the platform do the algorithms tend to only present viewpoints we are likely to agree with, thereby creating echo chambers and online binary arguments?

The significant issue here is the fact that we havent been through this kind of technological change ever before in history.   Yes, we had the invention of the printing press, of radio and of TV, but these didn’t impact on society with quite the same pace of change as the combination of smart phones, internet access and social media.    And the difference in pace of change is so easily observed in the rate of adoption with the TV taking 22yrs to reach 25% of market access while Facebook only took 2 years.   We are now in a situation where so many of us are carrying an internet enabled device in our pockets, and regularly interacting with apps, including search and social media, where these apps and their underlying algorithms are constantly gathering data in order to hone and adjust the content which they serve us with.  

Now I know when I talk to students they don’t want to give up the convenience of google search or amazon for shopping, or the interesting content, including that from friends and family, provided by TikTok, Instagram, Snapchat, etc.   I will admit I am equally reluctant and would find not having google and twitter difficult.  

So what is the answer?    

Well I think the answer is simply to discuss and acknowledge that these services and the vendors that provide them, Google, Amazon, Apple, Microsoft, Meta, etc, provide us beneficial solutions, however in most things there is a balance.   We need to be aware of this balance, we need to discuss this balance with students such that they know the drawbacks and risks associated with the vendors and solutions we now so commonly use.It may be that our current technology revolution resolves itself much like TV, radio and the printing press of the past, however in case it doesn’t, I think we need to develop our overall awareness of the risks.

Privacy and OSINT

The more time I spend looking at cyber security the more concerned and paranoid I become and the more I realise how, in general, we don’t pay enough consideration to the data we share online.  Take for example a recent post I saw online where an individual was celebrating the purchase of a new house.  

They posted a lovely photo of the front of the house, with the for sale sign showing as sold.   The photo didn’t include the door number however it wouldn’t take much effort to find the address of the individual concerned.    Their photo showed the name and telephone number of the estate agent giving a rough area based on the UK area code.    A quick search on the estate agents site would give details of houses they had for sale along with photos from that period in time.   A quick comparison and you have an address, plus the name of the individual is included in their social media profile.   So, we now have a name and an address, plus from the social media profile we know about what they do for a living and various other bits of info.

The above is an example of OSINT or Open Source Intelligence, using freely available information to track someone down or create a profile on an individual.   It is all too easy given the information we make available online plus the various search tools which are now available. A logo, identifiable vehicle, company name or any manner of other things can help in tracking a person down.

In another post I saw an individual posted regarding repairs being done by the water board and how the works blocked their driveway.    The house number is in sight in the photo as is a house name plate.   Again, there is enough information to track the individual down and identify their address, with their name and job identified through their social media profile.

We all too often post photos online, such as photos from our evening run or photos with family, almost always giving away more information than we intended.   We equally may share information from health or fitness apps, possibly including run routes, again giving away more information than we intended.

This is yet another area of digital citizenship which we need to be discussing in our schools, with staff and with students.     If we don’t, it is likely that our continual sharing online will continue to compromise our privacy and potentially could result in some individuals putting themselves at risk.

Connected isolation?

How is it that social media allows us to be hyper connected yet we can still feel so much individual isolation?

I found myself wondering this ahead of the schools and academies show sat having something to eat on my own, while tweeting and otherwise engaging with individuals from all over the world via social media.     Isnt connection a key feature of social media in allowing us to have large “friends” groups which we can access even when geographically apart?    Shouldn’t I therefore have felt connected rather than isolated as I sat there?

A broadcast medium

One possible reason for my feeling of isolation may be the fact that todays social media is very much a broadcast medium.   We post outwards on twitter, we post outwards of Facebook, on TikTok and on other social media platforms.  They are no longer a simple extension of our “in-real life” connections, our friends and our families.   We hope that someone will reply and engage with what we have posted, or at least will provide a like, however this is a hope rather than an expectation.   So maybe the isolation therefore relates to the fact that my social media engagement amounts to throwing out posts and updates in much the same way a message in a bottle is cast into the sea in the hope that someone may read it.    It isn’t the two way conversation and engagement, the “social” experience which it pretends to be.

The human animal

This brings us nicely to another possible explanation being how we as humans have been conditioned through centuries of evolution to behave and respond.   We are used to smallish social groups rather than the 1000’s of followers we may achieve on social media.    Could it be that the we don’t have the same connection online with the 1000s we send our posts out towards, at least not to the same extent we might have a connection with the stranger we bump into and have a drink with in the pub? I will admit to having a conversation earlier in the day with a stranger in a busy pub and that this was engaging and enjoyable, and made me feel connected.

We are used to the social experience of face to face interactions, of getting verbal, facial and other non-verbal ques in our interactions with people.     We have a physiological response to the presence and interaction with those we know and like, while we have a different physiological response with those we don’t get on with.    Am not sure, however I suspect there may equally be a physiological response when interacting with people online however I suspect in some ways it may be a lesser response although I will also acknowledge in some cases the response may be greater or even extreme, spurred on by the safety of being a keyboard warrior distanced from any physical risk which could arise through face to face arguments.   I would suggest though, if we take the extreme cases out of the equation the average physiological response to online interactions is less than that for face to face interactions.  And so it may be that the online interactions feel a little numb when compared with face to face interactions.

Conclusion: An illusion of connection but not a very good one

The above is simply a little musing.   I have made some great connections with some great people via social media so as a vehicle towards face to face connections it is invaluable.    But does the supposed “social” nature of social media, the 1000s of online connections, make us think we are more connected than we end up feeling?    And if so, does the difference between how connected we think we are versus how connected we feel lead to a greater feeling of isolation?   Is the feeling of isolation a response or a result of this disparity?

If I was to draw any sort of conclusion I think it would be this;   For me, I am happiest when engaged in conversation in person even where with strangers.   Social media presents an illusion of connection and not a very good one, but this illusion can impact on us.    I think that is why I felt isolated as I sat there.   The solution, to stop engaging in social media in hope of a connection and to spark up a conversation with someone, to do what we as humans have been doing for centuries and engage with a fellow human being in a face to face conversation where I can actually feel properly connected.

Online Safety – Meta/SWGfL Event

This week included a little visit to the Meta offices in London for an SWGfL event focussed on online safety.   Now I decided to attend this event as I believe in the importance of online safety and in the wider issue of digital literacy or digital citizenship.   I am also highly conscious of the challenges from a technology point of view given the ongoing focus by technology vendors on individual privacy, including the use of encryption, over public good and online safety.It was also a great opportunity to bump into Abid Patel although he had to remind me as to the need for the obligatory selfie.

Digital Literacy

During the course of the event the term digital literacy was used which I take to mean similar to “normal” literacy, but in terms of digital media.   Now I don’t think this term goes far enough although I am happy for others to disagree with me on this.   For me digital literacy may cover the users use of technology and understand how and when, etc, but it doesn’t stretch to the issues of behaviour online and the online identities we develop as we post increasing amounts of content online.   As such my preference over the term “digital literacy” has always been a focus on “digital citizenship”, where digital literacy may form a part of this. It may seem a minor point, but for me it is an important point.

Being online

One message which was quite clear from the event was the extent that our students are now online.    The opening session quoted figures of 3hrs and 36mins as the average time spent online by 9-16yr olds.   If we assume 8hrs sleep, that’s over 20% of a child’s waking day spent online.   And for weekends the figure only increased, plus it was noted that children are increasingly “multi-screening” where they are using multiple devices such as a laptop and phone at once thereby allowing them to consume more content in less time.    From a risk point of view, the more content consumed the greater the risk of inappropriate or even harmful content being consumed.

Another similar statistic shared identified below 5% of internet users in 2003 as being under 18, yet now the figure standards at almost 40%.   A big jump, suggesting a clear trend, again highlighting how our children and students are now highly active online.  

Guidance and help

In relation to help dealing with living online it was noted that parents were viewed as the main source of help and support in relation to issues experienced online with teachers taking second place.    Unsurprisingly though a survey of teachers noted training and the ability to keep pace with technology being two barriers towards being able to properly support students online.    In relation to keeping pace with technology, I think we need to acknowledge that we can never really keep pace.    On reflection, I found myself more able to keep pace when I was a younger teacher than I am now; this may be age related however it could equally be technology related in that the pace of tech change is now quicker than it was when I was younger.    I think here the importance isn’t necessarily knowing the answers but about being open about not knowing the answers and accepting that the discussion with student may itself have value.

In terms of training this makes me think of a poster in my office regarding students never asking for professional development, or training, on using technology.   Now I will note this statement is overly simplistic but aimed to get across a point regarding the massive number of resources and help available online plus the increasingly intuitive nature of [simple] apps.  Maybe we need to be more willing to “just Google it” in relation to technology?   That aside, the issue with training is where is it going to fit into the already busy curriculum and crowded workload of todays teachers?    Surely it cannot be yet another thing added, and who every subtracts, from workload?   I don’t have an answer to this one however I think the topic needs to become something regularly discussed in staff rooms, insets, assemblies, etc.  It needs to become part of culture however with this I recognise it may take time for this change to occur, at a time when technology changes occur so much faster.    So, for now, for me, I am regularly trying to prompt discussions and thinking in relation to digital citizenship just by doing simple things such as highlighting news stories in our school weekly bulletin.   The individual effect is low however my hope is that over time it will build awareness and discussion.

Conclusion

The event had a fair few points of interest and things I could take away.  Far more than I have outlined above. I had hoped that it might help and answer the challenge of balancing out the need to protect students with the prevailing narrative regarding the importance of individual privacy.   Sadly, I don’t think the event provided any real answers in this area beyond some evidence that Meta are partnering with organisations to help to address the problem, and that efforts are being made.   Are these efforts enough?   Am not sure there will ever be enough effort as any single loss of life or significant impact on the life of young person will aways be considered sufficient evidence that more could have been done.    The fact Meta are supportive of a programme allowing individuals, including children, to log a fingerprint of non-consensual intimate imagery such that it can be automatically quarantined and even removed is good news.   I actually find this interesting given Apple seem to have allowed their proposal of scanning for Child Sexual Abuse Material (CSAM) to quietly disappear from discussion. So maybe there is progress being made after all?

It was a useful event.   The more we can discuss the challenges the more they evident and the greater chance we can seek to manage and mitigate them together. And this is another takeaway, that the event marked a number of individuals and organisations coming together to discuss the issue; This needs to continue and grow in frequency. 

JISC Security Conference Day 2

It’s been a few days since the JISC Security Conference however I am only now seeing light at the end of the tunnel, having spent the last few days catching up following my two days out at the event.   As such I thought I would share some thoughts following Day 2 of the conference.

Defend as one

During the course of the 2nd day of the conference I attended a number of sessions where various educational institutions shared their experiences of cyber incidents.   I will admit it was good to hear their experiences as generally all we get to hear of in relation to cyber incidents in schools, colleges, and universities, is the news posts which lack any of the detail as to the cause and impact of the incident, or of the resulting recovery operations.   It would be good to hear more of the details around cyber incidents in schools, etc, as there is a great opportunity for use to learn from the experiences and collectively seek to be more secure, with this being summed up by the JISC conference tag line, “Defend as one”.    I will however note the challenges in relation to this due to the sometimes sensitive nature of such information.

Cyber:  An IT issue?

Now the event itself was very useful for me as a Director of IT, being surrounded by others in similar roles however, as identified by one of the speakers, this also represents a challenge.    Technology security is not solely the responsibility of IT.    It is the responsibility of all those who use technology, who manage or are the owners of data, who lead departments and who lead or govern within educational institutions.      Equally all these people need to be onboard and considering what they might be doing in the event of a critical technology incident where they will need to try to keep operations going while the IT team focusses on the technical issue.     Yet the JISC security conference was mainly attended by IT people.   Clearly there is need for others to be more engaged, and I will certainly be looking to try and encourage other non-IT senior staff to attend events like this in the future.

Third Parties and supply chain risk

As the second day proceeded, I started to see some key themes and messages coming out, some of which aligned with some of my thinking, with one of these being the risk associated with third parties and the supply chain.   Increasingly we are using more external solutions, either online based solutions, or solutions where we have technology solutions from a third party running on our networks.   Examples might include a third party hosted web-site solution, a CCTV solution hosted on site, or a visitor management solution hosted on site.    These solutions have access to school data or may be on the school network, and as such may either represent a risk to the data should they suffer a cyber incident or could represent a risk to the school network.   If on the school network, they might introduce vulnerabilities, which we are unable to address and where instead we must wait for the supplier to identify and resolve by developing and deploying an update or patch.   So this risk highlights the need for due diligence before introducing new solutions.  This didn’t really happen during the pandemic, as we sought to act quickly to address the challenges so there is work to do in carry out the due diligence for systems now in use.   Also, due diligence at the point of purchase represents a snapshot;  Most technology solutions evolve over time, with new functionality being added or existing functionality adjusted and changed, meaning the due diligence which was originally conducted is now out of date and inaccurate.  This highlights the need for periodic review, but this is then yet another task or piece of work which needs doing, and who does this due diligence where departments across a school, college or university as sourcing their own solutions?  For me the key here is we need to look to do more in relation to examining the cyber resiliency and disaster recovery plans of the third parties we use.

Prioritisation

Another theme which came across was the extent of the cyber incidents described.   Basically, in some cases it meant going back to scratch, turning everything off and rebuilding.   But this takes significant time running into weeks and months.    This means it is key to identify the priorities for the recovery.  What systems and processes need to be recovered first?    If we don’t stop and consider this now, when things are running, we will likely find ourselves in the middle of an incident with every department and users screaming that they system or process is most important, and we will then waste significant time trying to debate and decide.    Clearly there is need to examine all the systems and technology in use and then identify a clear and documented priority order for these systems such that when an incident occurs there is a clear priority order with which to work with.

Data Governance

The issue of data governance was particularly notable in discussions related to HE, to universities and this is likely due to their size and scope when compared with schools and colleges.   That however is not to say that the same challenges don’t also exist in schools and colleges.   The key question here is about the basics of data management and knowing what data we have, why we have it, where it is and likely most importantly who is responsible for it.   And in terms of responsibility, I am not referring to IT teams being responsible as they run the systems the data is stored on, but who the owner of the data is.  For example, admissions data doesn’t belong to IT, it belongs to the admissions team, while pastoral data belongs to the pastoral team.    IT can never know the processes and uses of all the data stored by different depts on IT solutions, therefore they cannot therefore be responsible for the data management side of such data.   It is the data owners that are responsible for what data they gather, how it is stored, how long they keep it, etc.    It was key from some of the discussions that greater effort needs to be made to ensure all understand who is responsible for what data. 

Conclusion

There was a lot to think about on Day 2 and to be honest I havent as yet had a sufficient amount of time to properly stop and reflect on the day or on the wider conference as a whole.   And I suspect it will be a few weeks and maybe the end of term before this will properly happen.

That said the above represents some of my initial thoughts based on some of the copious notes I took during the course of day 2.

I will end on an important message as I see it; This can all seem like doom and gloom.  The “when” rather than “if” of a cyber incident, the size and impact of such an incident and the multiple things we need to be doing to prevent and prepare, but against the backdrop that no matter what we do it may still happen.    We cannot allow it to be all doom and gloom.   My view is therefore that we need to simply seek to continually improve, to not try and do everything, but to try and seek to be more secure today than we were yesterday.

JISC Security Conference Day 1

I thought it would be useful for this weeks blog to focus on the JISC Security conference in Wales, which I am attending today (Mon 7th Nov) and tomorrow, plus which includes a third day held online.

So, lets start with my usual travel difficulties.   This shouldn’t have been a difficult one as have driven to the event however my car decided to develop some engine issues, including the engine warning light deciding to stay one plus occasionally flash alarmingly at me.   I noted a reduction in engine power which meant my cheeks were firmly clenched as I crossed the Prince of Wales bridge in the wind and rain;  Not somewhere I would want to break down.   Thankfully the car got me to my destination and can now have a rest before the return leg.

So the event itself, as I write this opening part of the blog I am sat waiting for the event to begin.  I have high hopes for the conference as there are so many different talks all focussed on the very important topic of technology security in education, principally in Further Education and Higher Education.   As a topic technology or cyber security is increasingly important in schools, colleges and universities as cyber criminals seem set on targeting education.   One presenter at the JISC conference suggested education was the number 1 target for ransomware attacks.   It makes sense sadly due to the data schools, colleges and universities hold, plus due to the fact the focus is on education with cyber security relegated to a secondary or even tertiary concern, often reserved for those working in IT roles.   Given the focus of the whole conference is on security I was very hopeful that I will take away quite a bit from the two days.

One of the big take aways from Day 1 for me was a document which presented 16 questions for University Vice Chancellors to answer in relation to cyber security.   The purpose of the 16 questions being to prompt discussion in relation to cyber security at the highest levels of management in universities.  It was clear from conversations with a few people that although this document had been sent to all universities, it hadnt necessarily been disseminated and discussed.   Looking at the 16 questions I could see how they were applicable not just to universities but also to colleges and even schools.    This did make me wonder about the need to share ideas and how, at the moment, there are various organisations sharing advice on cyber security, however no-one really collating this and providing it across sectors.   For example the DFE shared guidelines for schools while JISC developed and shared guidance for universities, yet both publications contained some common themes.   Wouldn’t it be good if this was shared centrally but with all educational institutions regardless of stage/sector?

Another discussion that I found interesting related to how we know or can assess how we are doing in relation to cyber in our own organisations.   Each school/college should be doing some form of risk assessment but it would be useful to be able to take this and assess your security against other similar institutions.   In HE this could be done using the 16 questions, but would rely on universities self assessing and then sharing their findings with a body such as JISC who could then calculate the “average” preparedness for universities.  This average could then be used as a benchmark with which to compare.   For schools, rather than the JISC 16 questions, the DFE guidelines could be used in a similar fashion.

If there was one big take away from day 1 of the JISC event it was that universities, colleges and schools are all subject to similar risks in relation to cyber crime and cyber resilience, albeit with different resources available to address the challenges.    As such there is a need to collaborate more across sectors, sharing experiences and knowledge where possible.    Currently the sharing is very silo’ d, so schools and MATs share, independent schools share and universities share, but each sharing separately.   There is a need, in my view, to bring this all together.

Disaster Recovery Planning

Part of cyber resilience is considering what to do when the worst happens.    And that worst case scenario is sadly likely to inevitable at some point.    This worst-case scenario will take the form of a significant incident, a disaster from which the school or college needs to recover, and in planning for this a Disaster Recovery (DR) plan should have been created.   But what should such a plan look like?

I have given this quite a bit of thought.    Is this disaster recovery plan a long and detailed document or something much more simple and digestible?  

On one hand we might want the long document and all the details as in the event of a disaster we will want as much information as possible to help us with first isolating and managing the incident and then later with recovery.    The issue with this is that when the fire has been lit under the IT Services team due to an IT incident, the last thing anyone wants to do is wade through a long and complex document.   I have seen a disaster plan which included lots of Gantt charts with estimated timelines for different parts of the recovery, but how can we predict this with any accuracy against the multitude of different potential scenarios.   Additionally, the information you will actually need is likely to depend very much on the nature of the incident.

The flip side is the much more managable document which is easier to digest and look to in a crisis situation, when things are high stress but its shortness will lack some of the detail you may want.   That said, a shorter document will be easier to rehearse and prepare with when running simulated and desktop incidents such that staff remember the structure and are largely able to act without needing to refer too often to the supporting DR plan.   It is also more likely to be applicable across a wider range of scenarios.

The above however suggests only two options, being the detail or the brevity and ease of use, but my thinking on DR has led me to think we need to have both.    We need to have a brief incident plan which should be general and fit almost all possible incidents.    It should consider how an incident might be called and then which roles will need to be implemented including contact details for the various people which might fill each of the roles.   It should consider the initial steps only, getting the incident team together so they can then respond to the specific nature of the incident in hand.  It is the outline process for calling and the initial management of an incident.

Then we need to have the reference information to refer to which will aid in the identification, management and eventual recovery from an incident.   Now most of this should already exist in proper documentation of systems and setup and of processes, however this is often missed out.   When things are busy its often about setting things up, deploying technology or fixing issues, and documenting activities, configurations, etc, is often put off for another day, a day which often never happens.    I think the creation of this documentation may actually be key.

Conclusion

The specifics of a DR plan will vary with your context so I don’t think there is a single solution.   For me there are 3 keys factors.

  1. Having a basic plan which is well understood in relation to calling an “incident” and the initial phases of management of such an incident.   This needs to be clear and accessible so as to be useful in a potentially high stress situation.
  2. Having documentation for your systems and setup to aid recovery.  This is often forgotten during setup or when changes are made, however in responding to an incident detailed documentation can be key.
  3. Testing your processes to build familiarisation and to ensure processes work as intended, plus to adjust as needed.

DR planning is critical as we need to increasingly consider an incident as inevitable, so the better prepared we are the greater potential we have for minimising the impact of the incident on our school or college.

Feeling down

Have been trying to post a blog once a week but missed out last week having found things a bit of a struggle.    The end of term was manic, as I suspect it was in many schools across the UK and across the world.    I was extremely busy finding myself trying to balance a multitude of different tasks and projects.   Additionally, I was working on my personal fitness trying to complete 100km of running during October, having failed to do so during September due to a cold which had stopped me running for most of the final week. 

And so the half term arrived and my energy levels suddenly plummeted.  Exhaustion, or at least that’s what I now believe it was, kicked in.    I managed to drag myself out for a 10km run last Saturday albeit it was very broken and particularly slow however after this my energy was spent.   I suddenly found myself with little energy and little motivation to undertake a variety of personal tasks and projects, as well as work related tasks.  In fact, I found myself with little energy to undertake much at all. 

Sunday arrived and I found myself depressed.   Part of this was due to my low energy levels, and my inability to getting moving forward on things while another part was related to the fact that Saturday, and an opportunity to undertake personal tasks and achieve something, had came and went with little to nothing achieved.  The fact I couldn’t focus sufficiently to get a blog put together only added to way I was feeling and to my worsening outlook.

Monday was little better.   I had plans for a run.   My plan revolves around 4 runs per week of 6km each if I am to achieve my 100km, with my runs normally Monday, Wednesday and then Friday and Saturday.   The Monday run never happened as I couldn’t motivate myself to get up and out in the morning, with the same issue on the Tuesday.   And this lack of progress, despite my plan, further put a dampener on my mood.   

It wasnt until mid week before I was able to work to correct my mood and pull myself out of the depressive cycle which was building.   I knuckled down despite how I felt and a number of successive work tasks completed including a couple which provided a bit of satisfaction all helped to improve how I felt and my outlook.

Its Friday now and I sit on a train on the way home from a trip to London.   I feel significantly better than I did at the start of this week, but the events of the last week highlight how variable my mood and feelings can be.   When I look back a year or more my sense is that my mood is reasonably level however this is the illusion of memory;   the reality is my mood is very variable.   The challenge for me is to find ways to manage this.   This time it was putting my head down and working but I doubt that will always work.   The question then is how can I prepare and identify coping strategies for should my motivation and outlook “tank” at some point in the future.   I also think on reflection I have grown to be good at managing lots of task and managing being busy, but not so good or happy when it comes to down time, to sitting relaxing watching TV or reading a book.   Although I know these are important acts in allowing me to decompress, relax and recover, it doesn’t feel productive and therefore leads to feelings of depression.   Thinking about it, I can see why this might happy given a normal workday might see 10 or 12 items ticked of a to do list, whereas sitting through 10 episodes of binge-watch TV does quite compare in terms of a feeling of achievement.

Am not sure if this post will resonate with others but thought I would share anyway as maybe it will help others, or maybe it will just help me at some point in the future, as a reminder that things are more chaotic and variable than we remember, but that in the end most things work out. I suspect we could all do better in being aware of our mood and feelings, and seeking to better manage them.

VR and lesson self-review

Have been experimenting with ideas for the use of VR kit in schools for a while now.  So far, my focus has been on some uses in Art, uses in Design Technology plus also in History and Geography.   The other day however I thought of another possible application focussed on pedagogy and self-review.

In terms of pedagogy, one of the most powerful tools in terms of supporting improvement has always been that of peer or self-review.  Now I am not talking high pressure lesson observation here, I am talking constructive low threat observations where colleagues sit in and watch each other teach then discuss.   I remember spending time as an IT teacher watching a colleague teach History, and I remember taking much away from his approach, which was very different to mine at the time.

The challenge here however has always been that of inviting someone in to watch your lesson.   For some this can feel somewhat daunting.   It is also important to acknowledge that we are all individuals so just because someone else prefers an approach to teaching, behaviour management, etc, doesn’t necessarily mean it is right for you.  

While working with teachers some years ago this brought me to the use of video footage where a camera was placed in the room, under agreement with the teacher and then they could watch the footage back and conduct a self-review.     This largely got over the issue of reluctance or nervousness in relation to having someone else in the classroom observing.   It wasn’t however a perfect solution as video footage is the limited view it presents.   It can be focussed on the front of the room, if there is one, but that misses out the edges of the class or it could be a wide angle, but then loses the detail.    Two camera setups would help address this however result in additional cost plus setup requirements as well as the potential need to edit the footage together for review.

So where does VR come in?

My thought therefore is the use of a 360-degree camera to take the video with the camera sat in the centre of the room as much as is possible.    The footage can then be either viewed on a PC, using VLC for example which allows you to pan around, or better still uploaded to a VR headset such as the Oculus Quest 2, where the teacher can then sit virtually in their own lesson and look around as the lesson progresses.  Basicallly this allows the teacher to put themselves back in the lesson but from the viewpoint of a student, dependent on the location of the camera, but able to look around the room as needed.    Looking at Hattie’s Visible Learning research (see more here) “video review of lessons” has a high effect size of 0.88 and that would have been based on standard video camera based footage so my hope would be that 360-degree based footage would be equally effective if not more.

Limitations/Challenges

So cost is an issue here as you need the camera however the VR headset is an optional although nice to have.   The next issue is the fact that having a camera in the room may encourage students to play up to the camera, however I think this can be managed and if usage became common students would grow accustomed and therefore eventually ignore the cameras presence.

And when using the little Theta 360 camera I am currently looking to use the recording is limited to 25mins per recording which represents only a fragment rather than the full length of a lesson.

Conclusion

Now at this point this is only an idea which I am looking to experiment with.  My thinking is that anything that supports self-review of teaching and learning will have potential for significant impact.  Whether the VR element adds enough additional impact over the lower cost video solutions, I am unsure of, however I am equally unsure of the potential benefits of a more immersive lesson review experience.   

So, for now its onwards with the experimentation.