Information Management Strategy framework and data security

What do we mean by data security and managing data securely?

The topic covers a whole range of areas, from encryption to labelling to complying with the Data Protection Act, but ultimately the aim is to minimise the risk of these sorts of things happening or, if they do happen, to minimise the harm or distress that could be caused to individuals.
Not the start, but when the public first heard about data security in a big way. ICO – Richard Thomas is reported to have said that HMRC has saved him millions in his marketing budget; such a big mistake has publicised the issues of data protection in a very effective (but concerning) way.
Cabinet Office guidance

So what has the government done:
• Home Affairs Select Committee – Surveillance Society
• HMRC – Kieran Poynter (PWC) and IPCC
• MoD – Sir Edmund Burton
• Data Sharing – Thomas / Walport

You may have heard of the Hannigan letters; this review was published in June last year as the Data Handling in Government report – Sir Gus O’Donnell, Cabinet Secretary. These requirements have recently been augmented to become the Security Policy Framework.

Security policies

There are seven security policies which outline the mandatory security requirements and management arrangements to which all Departments and Agencies (defined as including all bodies directly responsible to them) must adhere:
• Governance, Risk Management and Compliance
• Protective Marking and Asset Control
• Personnel Security
• Information Security and Assurance
• Physical Security
• Counter-Terrorism
• Business Continuity

Final report on Data Handling Procedures across government
Cross Government Actions: Mandatory Minimum Measures
Recent data loss of 1400 FE students in Scotland
A memory stick found in a petrol station containing personal information relating to children with special needs.
Information Management Strategy framework
Data security good practice guides

Schools are drowning in data. But is it being used effectively, and are they aware of their responsibilities in protecting it? There has always been a need to transfer data, but increasingly there is a need to deliver real-time information from different systems online. Parental reporting and 14-19 Diplomas are just two examples.

Opening question: How well do your schools use and protect their data?

This presentation covers 2 topics:
• The Information Management Strategy framework – a set of posters and guidance available to schools and LAs designed to help schools make more effective and secure use of their data.
• The Data Handling Guidance – good practice guides showing technical solutions and processes that should be put in place and followed to help minimise the risks associated with data loss.
The Information Management Strategy framework
• helps schools respond to the need to manage increasing amounts of data effectively and securely
• allows schools to assess their position and develop a strategy
• developed with local authorities and schools
• works with existing tools
• covers all areas of information management including security

A number of LAs were involved in the development of this framework – Barking & Dagenham, Lancashire, Birmingham, Bedfordshire and Berkshire. It is designed to give a high level view of information management, including Information Risk Management and Data security.
How Becta frameworks work together

[Diagram labels: Parental engagement framework; Framework for ICT support; Self-review framework; Information Management Strategy framework; Impact on learner outcomes; Learning and teaching; Professional development; Curriculum; Resources; Assessment; Extending opportunities; Leadership and management]

Impact on the learner is the reason that we use ICT in schools. The effectiveness of the impact of ICT on the learner is directly affected by four elements: curriculum, learning and teaching, assessment and extending opportunities for learning. These four elements are reliant on well developed and robust resources (infrastructure and software) as well as people (professional development). The vision and the implementation for the whole system is underpinned by the leadership and management.

Experience shows that schools often will feel constrained by the limitations that might exist in resources and professional development. Often these are seen as obstacles preventing the development of the learning environment and making the complex change that will impact on the learner.

The other frameworks are designed to give a more detailed view of topics that are in SRF:
• Parental Engagement
• FITS (Framework for ICT Technical Support)
• IMS Framework
The need for a strategy

[Diagram labels: Security; Information management system; SEN; Learner details; Assessment; Attainment; Free school meals; Finance; Staff details; Progress reports; Local Authorities; Learners; Parents; Diploma providers; DCSF; Agencies]

There is a great increase in the demand for data in schools: internal school requirements to monitor assessment and attainment, school management, external data requirements – RAISEonline. There is also a need to move data securely outside the school – DCSF, parents for reporting, LAs, other agencies. Recent requirements for Diplomas and parental reporting have highlighted the need for an effective Information Management Strategy.
Objective

To help schools make more effective use of data and develop an information management strategy
Why?
• Raise awareness of information management and security issues in schools
• Provide better evidence to support discussions with LAs, Ofsted, school improvement partners, governors…
• Enable more efficient tracking of learner progress and achievement
• Provide better monitoring and setting of targets
• Enable faster response to attendance and behaviour problems
• Provide effective communication with parents on progress

A key item on this list is to raise awareness in schools of IM and security issues and to raise it in the leadership priority list. By using the IMS framework schools will be able to make more effective use of their data on pupil performance. Ofsted and the Primary and National Strategies regard this as “an essential part of the school improvement process and is one of the key levers for change.” (Primary and National Strategies)
Using the framework

[Diagram: strands A Leadership and strategy, B Capacity and capability, C Effectiveness and efficiency, D Data management; maturity levels 05 04 03 02 01, labelled “Underpins learning and teaching” and “Little in place”]

Barking and Dagenham, Lancashire, Hertfordshire, Bedfordshire and Birmingham all helped Becta to develop this framework.

The framework has four key strands:
• Leading an information management strategy
• Developing capacity and capability
• Gaining effectiveness and efficiency
• Improving data management

Each strand is divided into five levels of 'maturity', with short statements enabling schools to assess their current practice and identify the steps they need to take to progress further. In addition to details on how schools need to tackle issues such as data security, sharing information and professional development, the guidance also highlights the importance of adopting a whole-school approach and involving partners and the wider community.
Contents of each strand
• Information management strategy: Developing; Strategy and vision; Implementing; Risk
• Capacity and capability: Requirements; Support; Suppliers; Training
• Effectiveness and efficiency: Benefits; Improving management; Effectiveness; Impact
• Data management: Quality; Processing; Security; Sharing
Framework content Example sheet of the IMS framework
Supporting materials
• guide for each strand
• suggested possible sources of evidence
• hints and tips on possible actions
• further help and information
• guidance booklet for local authorities

Guidance for schools AND guidance for LAs. So local authorities with their own support teams can use the framework to establish a baseline position for their schools. This can help to focus resources and support on areas where it is most needed. For example, local authorities could use the framework to support information management improvement workshops for schools.
Leading into the discussion on security, this shows the “information risk management” aspect of the “leading an information management strategy” strand. Has your school considered the sensitivity of the information you hold and identified who owns the data? Are there procedures in place to control access to certain information? Are all users aware of their responsibilities?
And also the item on data security in the “improving data management” strand. Has a suitable person been identified to own the risk – a “Senior Information Risk Owner”? Have data security policies and procedures been developed and understood by some, most or all stakeholders? Do you have a data security policy in place?
Becta Data handling security guidance
• Keeping data secure, safe and legal
• Data encryption
• Audit logging and incident handling
• Secure remote access
• Dos and Don’ts

Key elements of data handling good practice are embedded into the “Leading an information management strategy” and “Improving data management” strands. More detailed good practice guidance available from

Keeping data secure, safe and legal – aimed at school leaders. It gives an overview of what schools need to do to comply with existing legislation and introduces 4 more technical good practice guides looking at:
• how to label documents and systems containing personal or sensitive data;
• how to protect and securely destroy sensitive data;
• how to keep audit logs to provide evidence of accidental or deliberate security breaches, including loss of protected data; and
• how to securely access sensitive data remotely.

There is also guidance for LAs on the LGA website. Available from