Monthly Archives: October 2016

Is end-user training for Windows 10 needed?

Gareth Johns
IT Skills Development Advisor
Cardiff Metropolitan University

The autumn IT training schedule at Cardiff Met includes a Working with Windows 10 course. It doesn’t need to. We have never run training sessions for operating systems before, so why should Windows 10 be any different?

In many ways there isn’t any need for Windows 10 training; it is easy and intuitive to use. Unlike its predecessor, Windows 8, the Windows 10 user experience is good. The attempt to unify tablet and desktop UIs has largely been abandoned – there are no more hidden menus, windows are back to being windows that can be moved and resized and, most importantly, the Start menu is back.

win10-1

 

 

 

 

 

 

The Windows 10 Start menu at Cardiff Met

 

The Windows 10 Start menu does look different to the Windows 7 version, it incorporates live tiles for example, but it will be familiar to a Windows 7 user. The Start menu “skills” (perhaps muscle memory would be a better description) developed when using Windows 7 will be transferable to Windows 10. The same applies throughout the operating system. Windows Explorer is now File Explorer. Windows Favorites have been replaced with Quick Access. They look and behave differently, but they feel the same.

So why are we running a Windows 10 course? Firstly, there are some features of Windows 10 that will help users work a bit more efficiently that are not easy to discover. Jump Lists, for example. Jump Lists provide shortcuts to recent documents and sometimes also include other actions associated with that program (e.g. Internet Explorer includes Open New Tab). Jump Lists are accessed by right-clicking on a tile on the Start menu or Taskbar and can save users a few seconds when opening documents (the cumulative effect of which is considerable). But few users are aware that they exist, our training course will remedy that.

Secondly the course will give Cardiff Met staff time to acclimatise to, and build confidence in, the new OS. Frequently we use new software similarly to the old version. We proceed in the way we also have, because we don’t have time to step back to see if there is a better way to do it. The Working with Windows 10 course will hopefully give staff the time they need, with help available if they have any questions.

win10-2

 

 

 

 

OneDrive for Business is part of the Windows 10 upgrade at Cardiff Met

The third reason for developing a course is that our Windows 10 software “build” includes new software and services, so the training is not just about Windows 10. We are offering Skype for Business for the first time, Office 2013 has become Office 2016 and, crucially, OneDrive for Business replaces SharePoint My Sites. Our training course includes all these elements and allows staff to see how these new services work together in the Windows 10 environment.

The course also addresses one of our long-standing goals, sharing IT “Best Practice” with existing staff. Our IT induction programme achieves this for new starters; we advise them where to store documents, alert them to issues around account security and share practical tips for managing email. But up until now there has been no avenue for sharing this advice with existing staff – Working with Windows 10 allows us to do that. Hopefully staff will view the software upgrade as an opportunity to adopt Best Practice, and will finally find time to move their documents from hard drives to OneDrives!

The training will be available as an e-learning module, created using the excellent Adapt Builder and as a face-to-face course. Staff will be required to complete one form of training as part of their upgrade to Windows 10.

If you are interested in finding out how the training is received, I’ll be running a webinar for the community towards the end of the year, keep an eye on the Events page for details. In the meantime if you have any thoughts or comments, please share them below or catch me on Twitter @GarethPJohns

Getting into the zone for Educause 2016

liz_ellis

 

 

Elizabeth Ellis
Product Development Manager
Learning Innovation, Learning and Teaching Solutions,
The  Open University

So, here I am, in a hotel in Anaheim, California, getting into the zone for my first Educause experience. To say that Educause has been a bit of a holy grail for me conference-wise would be an understatement. All the information I’ve received about the conference from colleagues who have attended before has been that it is a unique intersection between edtech, IT, and learning and teaching practice.

I’ve identified already the tracks

that I’m going to focus on and which have the most immediate relevance to my work. I’m hoping to bounce between ‘Driving Innovation in Teaching and Learning’ and ‘Transforming the Student Experience’. As a product development manager in Learning Innovation/Technology Enhanced Learning at The Open University, you get used to having to slightly squint to see the direct relevance of approaches, methods, and findings to your own situation. But increasingly over the last few years, that squinting has had to become less and less as the sector has moved more into the OU’s realm of Supported Online Learning (SOL). So, I’m very much looking forward to seeing what the sessions have to offer.

My work in particular over the last year has come to focus not just on the development of new tools and technologies for our students to use, but also on new methods to involve them in that process, in an appreciative and empathetic way.

Perhaps the most challenging part of these types of events is running the vendor gauntlet. But this time I’ve come prepared, and have put some thought into the sorts of criteria I can use to make assessing new technologies more useful over the long term (and also make reporting back to my colleagues more helpful).

  • Is this technology a disruptive or incremental innovation
  • Does this technology support:
    1. Participative learning (students contributing in non-assessment ways)
    2. Learning to learn (students becoming more digitally confidence and creative)
    3. Deeper engagement with learning materials (new strategies for immersive learning)
    4. Collaborative learning (the ongoing curse and joy of group work)
  • Does this technology demonstrate:
    1. Improvements in student attainment
    2. Improvements in student progression
    3. Improvement in student retention

At the very least, it will hopefully spark a useful conversation or two.

 

EU-GDPR: Using the fear stick is missing an opportunity

The General Data Protection Regulation is scheduled to come into force in May 2018. As it will be EU Law before the process to leave the EU is completed, it will be one of the pieces of legislation that will roll over into UK law. In this article that was first published on LinkedIn, Craig Clark, Information Security and Compliance Manager at the University of East London, highlights the opportunities GDPR presents.

For those that have worked in privacy for a long time, the path towards the final draft of the General Data Protection Regulation has been incredibly long (2011) and at times frustrating. Now that the count down is well underway, CIO’s, Information Security types and those in IT or legal functions seemingly can’t escape the barrage of GDPR related content on their news feeds and meeting agendas.

I have kept a close eye on how the GDPR compliance issue is being pitched by vendors, lawyers and GRC consultants and in an overwhelming number of cases the key point they want to drive home is the increased penalties for non compliance – usually with a headline similar to : IF YOUR ORGANISATION DOES NOT COMPLY WITH THE GDPR THEY COULD BE FINED €20 MILLION!

While this is technically correct it is entirely misleading, not least because the next line should read (or 4% of annual global turnover, whichever is higher). The GDPR is about much more then penalties, fines and liabilities. While one of the core aims is to enhance the protection of Data Subjects with an significant increase in their rights, there are many potential benefits for organisations. The problem is that by leading with a large negative, there is a serious risk that the advantages the Regulation offers are going to be overlooked.

Lets take a look at some key advantages:

Improved Records Management

Perhaps the most obvious benefit is that the GDPR presents an opportunity to explore and refresh how you gather, store, and use and delete data. This is a chance to unleash real business value out of all that personal information you currently curate, often, at the moment, for no other reason than because it is there. This leads to huge costs of storing unnecessary data and the complex challenge of now trying to unravel what they need to store for business purposes. By employing data minimisation, and ensuring that data subjects data can be kept up to date as a matter of design, organisations could benefit from:

  • improved efficiency in customer interactions
  • reduced data storage costs (electronically and physically)
  • less wasteful marketing campaigns that use out of date information
  • lower security risk due to less personal data on file
  • lower likelihood of regulatory intervention
  • Development of Trust

    For many organisations trust is the hardest virtue to instil in its customers and the first thing to be lost when things go wrong. If we take the TalkTalk data breach as a classic example, their customer base significantly reduced in the immediate aftermath of the data breach and despite major changes to their Information Security practices, this has had a significant impact on their customer numbers and subsequently the forecasts they can make about future performance. Quite simply people no longer trust them.

    By mandating the need for improved security and reporting organisations have the opportunity to show that they take the security of customers data seriously. After all without that data, what would the business be? By actively demonstrating a willingness to comply with and embrace GDPR organisations will demonstrate a strong commitment to their customers and keep them coming back, protecting and growing the organisational brand.

    Improved Operational Effectiveness

    One of the most positive aspects that can be taken from GDPR is that it allows business to fully champion a risk-based approach to Information management. This means that whilst the rules are the same for everyone, how these rules are applied will largely be up to the organisation to decide depending on the level of risk that a given data activity presents for people’s privacy. Many of the obligations in the GDPR can be implemented in varying degrees depending on the risk appetite. This means that organisations can choose to implement procedures and practices based on their business and the level of privacy they need to provide, rather then implementing procedures for the sake of it. This could be regarded as a source of uncertainty for the C-Suite but in practice, the risk-based approach is what will make the GDPR not only effective but fair.

    Pulling it Together

    Once an organisation has looked past the headlines and begins to scope out how they are going to achieve compliance, the obvious question is “Where do I start?” Make no mistake, GDPR compliance will be complex for medium to large enterprises but there is a path through it. One of the first things organisations should look at is the ICO document 12 steps to take now. This guide will allow organisations to being planning and feeding in their specific requirements. Once the initial plan is outlined it is my view that the smoothest path to compliance is to integrate a Personal Information Management System (PIMS) into the current business model. For organisations that utilise an Information Management System (ISMS) such as ISO27001 this will be familiar territory. For those that do not, the current PIMS standard in the UK is BS10012:2009 however BS10012:2016 is being rewritten to include the requirements of the GDPR. Implementing this standard will allow an organisation to benchmark personal information management practices with recognised best practice. Crucially, it will also allow organisations to produce auditable evidence on their data privacy practices and go a long way to satisfying the Information Commissioners Office that organisations take on board that data privacy is no longer ‘best efforts’.

    New Prevent guidance – challenges and considerations

    Last month saw HEFCE issue a revision of their framework for monitoring of the Prevent duty in higher education institutions in England. The revised framework places a clear onus on institutions to evidence that they have followed due process when considering their Prevent duty. Further it is worth considering the Prevent duty and the implications of the monitoring requirements when reviewing institutional policies.

    Although the HEFCE Framework has been updated, the Home Office guidance underpinning it has not altered since the initial framework was published. Paragraph 27 of Home Office guidance states the there is an “expectation that institutions will have policies around general usage […] we would expect these to contain specific reference the statutory duty”. It is pleasing to see that the Advice note (also updated) that accompanies the updated Prevent monitoring framework points to the UCISA Model Regulations and the suggested amendment to accommodate the Counter Terrorism legislation.

    Paragraph 27 goes on to state that institutions “should consider the use of filters” as part of their overall strategy to prevent people from being drawn into terrorism. The HEFCE framework places more emphasis on the need “to consider” by directing providers to provide specific comment on “their approach to web filtering in relation to the Prevent duty, particularly where a decision has yet to be taken at the time of the provider’s previous submission to HEFCE”. The Advice note asks “What factors were taken into account when considering whether and how to use filtering to limit access to harmful content? Has a final decision been taken on web-filtering and how has this been reflected in IT policies and communicated to staff?” (interestingly the framework doesn’t ask for evidence on how it has been communicated to students). What is important is that institutions should take a risk based approach to assessing whether or not they should implement filtering and use the conclusion from those discussions in their evidence to HEFCE.

    So what are the potential impacts on policies (and in this regards, the regulations on the use of IT facilities and the network should be regarded as policy)? If there is no filtering then it needs to be clear in the regulations (for both staff and students) that the network is monitored and that any research that may access material of an extremist nature will require specific approval (for example, through a research ethics committee). That approval is still needed if filtering is in place but in that instance it will be required in order for IT service departments to have authority to turn filtering off for given individuals or research groups. There remains a concern that if there is a public statement to the effect that filtering has been turned on, those of inquisitive mind will look at ways of circumventing it and those who are at risk of being drawn into extremist activities will seek other ways of accessing such material.

    Finally the Advice note suggests that HEFCE is looking for further evidence of IT policies to provide oversight of websites and social media output across the institution, asking about arrangements for managing both institution’s ‘branded’ websites and social media and for student union (and their societies) websites and social media to ensure that they are not used to promote extremist materials or activities. A blend of approaches is probably needed here. The regulations for use of institutional IT facilities should give adequate coverage for institutional websites – they are likely to be established using institutional resources and maintained by institutional staff. If not, then it may be necessary to include specific Prevent related conditions into contracts where website content is maintained externally. There need to be named individuals (or groups of individuals) with responsibility for officially sanctioned social media accounts who will be bound by the regulations (as outlined in the Social media for staff legal checklist published by Jisc and included in the UCISA Social Media Toolkit). It may be necessary to come to separate arrangements for Students’ Union – they are often separate legal entities and their services may not be hosted by the institution. In these instances, there may be reliance on clauses relating to bringing the institution into disrepute to take action against an individual (which may or may not be an IT regulation issue) or specific agreement (such as within a tenancy agreement) with the Student Union to ensure monitoring takes place.

    Peter Tinson
    Executive Director
    UCISA