Is there a Washing Machine Available??

I organised an event this week for representatives of Scotland’s Colleges, Higher Education IT Directors Scotland (HEIDS) and the Scottish Confederation of University and Research Libraries on the subject of developing mobile “apps”. We had a good turnout – about 50 people from across the sectors. The main idea of the event was to hear from some real world examples how some institutions had approached the development of mobile services, and to see how we might share ideas, expertise, or effort as more institutions start to create their own mobile services. It seems that a number of institutions have made a good start in developing mobile services, whilst others (the majority I would say) are either on the starting blocks or planning their way to the starting blocks.

We had great presentations – they are all online, have a look at them for more detail. The presentations were from Edinburgh’s Telford College, the University of Edinburgh, and Stirling University, followed by some breakout sessions to figure out where we might collaborate in future.

Most institutions felt that enhancing the student experience and the online learning environment were their priorities. They want to avoid the trap of just putting online information that is already on the web. The experience of those who have developed apps is that students are looking for quick access, bite size, time / location sensitive information and services well suited to mobile access situations.

Location based information is popular, so maps figure a lot. One of the most popular services seems to be information on where the nearest available PC is – ironic as we look to mobile technology to displace PC’s for some uses! Edinburgh University have tall buildings, so they are looking to future devices to have altitude sensors as well as traditional location indicators. Don’t laugh – where you have tall library buildings this is a real issue.

One of the tricks is to think about how services that we might not have imagined with traditional technologies. Students at Lancaster University halls of residence were frustrated because half the time when they went to the laundrette all the machines were in use. So, as part of their mobile app development the University hooked up sensors on washers and dryers to their network and published availability on their app. The students love it!

Extending the online learning environment also featured strongly. Access to learning materials, and also the ability to look up library catalogues, check availability, reserve and book online.

Some institutions are looking at exploiting other features of mobile technology, including their potential uses for cash payments and to act as an ID card for attendance monitoring. Attendance monitoring is a real challenge for many institutions. With automated card-based systems, students might be tempted to give their card to a friend so that the friend can swipe them in and it looks as if they have attended the class. However, when asked if they would part with their mobile phone for this devious purpose – no way!

At the end of the event, we agreed a number of ways in which it should be possible for institutions to collaborate – more on this in a future blog as things start to take shape.

Andy McCreath

 

Advertisements

OOPS!

We have someone whose first name is Gavin working in IT Services. There is also someone whose first name is Gavin who works in another institution. I sent an e-mail some time back asking “our” Gavin to do something for me. You can guess what happened – yes, I sent it to the Gavin who works at the other institution because Outlook kindly offered me a list of “Gavins” and not paying attention I clicked on the wrong one. Amazingly, he agreed to do what I asked!

That’s a light hearted illustration of the perils of e-mail. It gets more serious of course if you are e-mailing something confidential or personal. I am well through the process of drafting a new data protection policy to govern the use of mobile media and devices – it’s relatively straight forward until you try to figure out what to do about e-mail. In an ideal world we could say “don’t send confidential or personal information by e-mail” – end of story. The reality is that the convenience and speed of email means that many people do end up using it even for some confidential or personal data. There’s no point in having a policy that says “don’t” if the reality is that people are going to ignore it.

What are some of the issues? With more and more people using a variety of devices to access their e-mail, you cannot be certain how secure will be the environment used by the recipient of your e-mail. In addition, e-mail is easily misdirected by accident (as I discovered when emailing Gavin) and email accounts are sometimes monitored by people other than the recipient (e.g. a personal assistant). Some people forward their e-mail to personal accounts. Many people access their e-mail on mobile devices, which may not be fully secure, and an e-mail you sent with all that juicy confidential information may remain on the recipient’s device for some time – possibly a VERY long time. The risk is therefore not just at the time when you send the e-mail.

Bottom line – when you send an e-mail you have absolutely no idea where it might end up and you relinquish control as soon as you press “send”.

Ultimately, our policy will probably have to accept the reality that some personal and confidential information can be shared by e-mail. I’ll probably suggest that wherever possible you should avoid sending personal data by e-mail. If you must, then the policy is likely to stress the importance of taking reasonable steps to make sure that the recipient’s e-mail environment is likely to be secure.

You should certainly NEVER send bulk personal information by e-mail. For example a list of students, with their names, addresses, dates of birth etc. That’s just asking for trouble.

If you need to communicate electronically in relation to bulk personal data then there are secure ways to do this. For example, place the personal data in a secure location (e.g. on a shared folder to which only authorised people have access) and then send an e-mail to tell the recipient that the information is there.

Watch out for the new policy . . .

IT Strategy – Governance

This can sound like a dry subject, but it’s really important – and it concerns all of us!

IT Governance Extract from Strategy Map

Many will know from experience or from reports in the news how transforming IT can be when it hits the right spot, but also how IT projects and services can go wrong. Across the University, if you add up all the people costs, software licences, IT Equipment (servers, PC’s, printers, network, gadgets), support contracts etc – we spend at least £4m per annum on IT one way or another. In this new strategy, we are putting a stronger emphasis on Governance. Put simply, we need to make sure that we get the best value out of that annual £4m, that this spend supports the strategic aims of the University, and that we successfully manage risks and security in an ever more complex world.

Adopting the “ITIL” standard (IT infrastructure Library) will be a key foundation of this. ITIL is a widely adopted approach to IT Service Management, used across the world in the public and private sectors, as a tool for successfully identifying, planning, delivering and supporting IT Services to meet the aims of the organisation. It’s not just a tool for IT Services, it’s a broad framework that will allow us to drive continuous improvement and make effective decisions for the University.

We will pay particular attention on the proper authorisation routes for commissioning new IT developments. Many IT services are available externally – sometimes at low cost or “free”. But, they all can carry risks, none are truly “free” and they all need to be stitched together so that our staff and students have a coherent IT experience and we don’t accidentally duplicate anything. Sometimes, it is as important to say “no” as it is to say “yes”!

We also want to constantly remember the business case for each development so that we keep at the forefront the overall University objectives and make sure we know that these have been met.

In relation to IT – the management of risks has never been more important. It is anything but a box ticking exercise – we face real and constantly evolving threats on a daily basis to our existing infrastructure, and there are always potentially significant risks to consider when embarking on new IT developments. There are risks that our systems may fail. There are risks that may prevent IT developments from achieving their objectives. And there are wider risks that can be exacerbated by weaknesses on IT controls. As I write this, I see that a hospital trust has been fined £325,000 after confidential patient records were stolen from old computer drives that were not properly disposed of. IT Security rules and procedures can feel like a pain but when something goes wrong we realise their importance, so let’s not learn the hard way.

Paper – from Mountain to Molehill

With the advent of the computer age, many people have heralded the anticipated demise of paper. A quick look on Google, however, reveals that according to the Mail Online paper consumption globally has increased by almost half since 1980!

However, achieving a reduction in paper storage still remains an aspiration for us, and particularly at RGU with a move to a new modern Campus building the thought of moving all that paper, never mind where to put it, presents a great opportunity to get rid of it. Over the past few years, our Records Manager, Keith Fraser, has developed a records management strategy for the University and has been working with Schools and Departments to help them with their approach to records management.

A key priority has been to work with the Schools who are moving into the new Campus building, to make sure they are reducing as much as possible their paper filing. One of the early achievements in the records management strategy was the creation of the Master Retention Schedule, or MaRS as it has become affectionately known.  Based on advice from a whole range of sources, this set of documents tells you what you can destroy, and when. It also tells you what you need to keep and for how long.

Using MaRS, Schools are making great progress in eliminating unnecessary paper stores. Our School of Pharmacy and Life Sciences, for example, disposed of 200 bags of paper in the last 12 months.

One thing that became clear, however, was that student files represent about 70% of all paper storage in the Schools. These include:

  • UCAS Forms
  • Medical Certificates
  • Transcripts for each year
  • Email and letter correspondence
  • Private and Confidential Correspondence
  • Withdrawal / Suspension Confirmations from Student Administration
  • Industrial Placement Forms
  • Completed Exam papers in circumstances where special exam was sat. etc
  • Absence forms
  • Record of personal interviews
  • Withdrawal / suspension forms (signed by staff)
  • Fitness to practice information  etc

These paper files can be disposed off once students have left, but that still leaves a lot of paper for students who are here for 4 years. So, we have decided to add an electronic document management module to our student records system.

The new module has been purchased and installed, and what we are doing at the moment is scanning all the paper records into the student record system. Our internal graphics and printing department, “The Gatehouse”, are doing the scanning – and it’s not a simple process. The original paper records have to be bar coded with the student ID number, and then the scanning can correctly match them up to the student entry in the system. For the first 3 Schools (School of Computing, School of Engineering, School of Pharmacy and Life Sciences), that’s about 1,700 student files but the Gatehouse is making great progress. Once these are done, we’ll look at the remaining Schools – that’s about another 5,500 student files.

Once this is done, properly authorised staff can look at the student record for any student and see digital copies of all the paper records for that student. The actual paper originals can then be securely disposed off and we will have eliminated a very substantial storage of paper from across the Campus.