+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 22
General Chat Thread, Ofsted and drive encryption in General; I've just been told by a supplier that under the new Ofsted inspections if your hard drives aren't encrypted you ...
  1. #1

    Join Date
    Mar 2012
    Location
    Devon
    Posts
    243
    Thank Post
    0
    Thanked 21 Times in 18 Posts
    Rep Power
    12

    Ofsted and drive encryption

    I've just been told by a supplier that under the new Ofsted inspections if your hard drives aren't encrypted you lose a point.

    Has anyone else heard this?

  2. #2

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    11,242
    Thank Post
    1,461
    Thanked 2,524 Times in 1,757 Posts
    Rep Power
    756
    We were Ofsteded recently and this wasnt mentioned. It isn't a legal requirement as far as I know

  3. #3
    Cache's Avatar
    Join Date
    Apr 2008
    Location
    Cumbria
    Posts
    1,259
    Thank Post
    471
    Thanked 181 Times in 178 Posts
    Blog Entries
    3
    Rep Power
    66
    We were inspected in May and Ofsted never came anywhere near the IT side of things so they wouldn't know.

    As an academy on the other hand (and as a maintained school by the LA audit's actually) our backup procedures came under scrutiny and the Academies Financial Handbook mentions that all backups should be securely stored (and I'm pretty sure it mentions encrypted too).

  4. #4


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Technically this is true under the new framework but in reality most ofsted inspectors are not qualified to actually inspect schools and seem to award points arbitrarily based upon some sort of political judgement. As usual they never came near our IT dept when we last saw them.

  5. #5
    CAM
    CAM is online now

    CAM's Avatar
    Join Date
    Mar 2008
    Location
    Burgh Heath, Surrey
    Posts
    4,301
    Thank Post
    870
    Thanked 405 Times in 306 Posts
    Blog Entries
    60
    Rep Power
    289
    For small and easily stolen/misplaced devices (such as laptops, tablets and any removable media) then yes, they should be encrypted if used to store confidential information. For desktop machines this isn't as necessary AFAIK since they are somewhat harder to steal short of a full late night break-in. For extra protection, desktops can be forced to save files on a network drive so the data is actually held in your locked and bolted server room, no data leaves with the stolen device.

    EDIT - I should note that even with files stored on a network drive, temp files containing sensitive data can still be generated and not cleared properly or files accidentally saved in the wrong place. Full disk encryption helps to mitigate the loss of these files if the device is stolen.
    Last edited by CAM; 25th July 2013 at 12:31 PM.

  6. #6

    Join Date
    Mar 2012
    Location
    Devon
    Posts
    243
    Thank Post
    0
    Thanked 21 Times in 18 Posts
    Rep Power
    12
    The only thing our users store on their laptops are offline files. I'd better double check they're encrypted!

  7. #7

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,609
    Thank Post
    729
    Thanked 1,688 Times in 1,502 Posts
    Rep Power
    433
    I wonder what that supplier is trying to flog you

    Ben

  8. #8

    Join Date
    Mar 2012
    Location
    Devon
    Posts
    243
    Thank Post
    0
    Thanked 21 Times in 18 Posts
    Rep Power
    12
    Quote Originally Posted by plexer View Post
    I wonder what that supplier is trying to flog you

    Ben
    Yes, that was my immediate thought too!

    I shall be mentioning the replies here about recent Ofsted inspections when they call back.

  9. #9
    Marci's Avatar
    Join Date
    Jun 2008
    Location
    Wakefield, West Yorkshire
    Posts
    896
    Thank Post
    84
    Thanked 235 Times in 194 Posts
    Rep Power
    82
    There is NO mention of the word encrypt or encryption anywhere in the OFSTED School Inspection Handbook Sept 2012. There is also no mention of it in "The Framework for School Inspections" published in April 2013.

    However... in the Sept 2012 Briefing for Inspectors, encryption is mentioned... as in a lack thereof can be constituted an indicator of inadequate eSafety practice (refer to "Inspecting e-safety", Ref 120196, rel. Apr2013)

    I suspect that it's down on paper to satisfy the ICO for whom encryption is considered a necessity for Data Protection purposes, but in reality no inspector is clued up / qualified enough to determine on-site whether you've encrypted relevant devices or not other than just taking your word for it / making note that the word "encryption" crops up somewhere in your eSafety policies.

    So, make of all that what you will. We ALL know that any laptops / usb sticks / devices likely to be leaving school property SHOULD be encrypted...

  10. Thanks to Marci from:

    Vintage82 (31st July 2013)

  11. #10

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,006
    Thank Post
    1,854
    Thanked 2,302 Times in 1,701 Posts
    Rep Power
    821
    Quote Originally Posted by Tall_Paul View Post
    I've just been told by a supplier that under the new Ofsted inspections if your hard drives aren't encrypted you lose a point.

    Has anyone else heard this?
    Rubbish!

    We have just had Ofsted in at our Governor school and it wasn't even discussed. It sounds like a sharp salesmansip to me. (being polite about the sales drone here)

  12. #11


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by Marci View Post
    There is NO mention of the word encrypt or encryption anywhere in the OFSTED School Inspection Handbook Sept 2012. There is also no mention of it in "The Framework for School Inspections" published in April 2013.
    Quote Originally Posted by elsiegee40 View Post
    Rubbish!

    We have just had Ofsted in at our Governor school and it wasn't even discussed. It sounds like a sharp salesmansip to me. (being polite about the sales drone here)
    It's under the e-safety section:
    Ofsted | Briefings and information for use during inspections of maintained schools and academies
    in the file called "inspecting e-safety.doc"

    It states "Indicators of inadequate practice: Personal data is often unsecured and/or leaves school site without encryption."
    Technically this will score you a 4.

    but like I said: The VAST majority of inspectors don't seem to understand their own frameworks, or completely ignore them.

  13. #12

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,006
    Thank Post
    1,854
    Thanked 2,302 Times in 1,701 Posts
    Rep Power
    821
    The mention of encryption comes under "Indicators of Inadequate Practice" and says:

     Personal data is often unsecured and/or leaves school site without encryption.

    This is not the same as encrypting all your hard drives!

    As mentioned earlier, stuff that goes offsite should be encrypted and everyone should be aware of that. Stuff onsite, has to be secured, but not necessarily encrypted.

    EDIT

    Ofsted definition of encryption from the same document (my bold)
    Computer programme that scrambles data on devices such as laptops and memory sticks in order to make it virtually impossible to recover the original data in event of the loss of the device; schools often use this to protect personal data on portable devices.
    Last edited by elsiegee40; 25th July 2013 at 03:01 PM.

  14. #13


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Yeah. I though this is what we were talking about - encrypting hard drives ?

  15. #14

    witch's Avatar
    Join Date
    Nov 2005
    Location
    Dorset
    Posts
    11,242
    Thank Post
    1,461
    Thanked 2,524 Times in 1,757 Posts
    Rep Power
    756
    Quote Originally Posted by CyberNerd View Post
    Yeah. I though this is what we were talking about - encrypting hard drives ?
    There are hard drives on PCs in the school and these do not need to be encrypted. Portable devices would be laptops and memory sticks etc
    We dont encrypt anything and all the staff have laptops which go off-site. Ofsted didnt mention it.
    I have mentioned it many times with no success

  16. #15


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by witch View Post
    There are hard drives on PCs in the school and these do not need to be encrypted. Portable devices would be laptops and memory sticks etc
    We dont encrypt anything and all the staff have laptops which go off-site. Ofsted didnt mention it.
    I have mentioned it many times with no success
    I know. The whole ofsted thing is utter BS because if they never stick to the critera schools can only ever get an arbitrary score.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. USB Drive Encryption
    By danrhodes in forum Windows
    Replies: 17
    Last Post: 20th April 2010, 02:50 PM
  2. USB Drive Encryption on Macs
    By enjay in forum Mac
    Replies: 13
    Last Post: 2nd March 2010, 02:44 PM
  3. Replies: 61
    Last Post: 18th December 2009, 12:50 PM
  4. Card Readers and Drive Mapping
    By mmoseley in forum Network and Classroom Management
    Replies: 12
    Last Post: 7th August 2007, 11:33 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •