+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 26
Hardware Thread, New ICT Services Framework in Technical; ...
  1. #1
    crispinw's Avatar
    Join Date
    Mar 2007
    Location
    Dorset, England
    Posts
    59
    Thank Post
    6
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    New ICT Services Framework

    Hello,

    I am engaged in a number of conversations about the renewal of the old Becta ICT Services Framework, regarding which the DfE and the Government Procurement Service are currently consulting with industry.

    I would be very interested in any feedback from Edugeek members about your experience or perception of major infrastructure procurement in schools and colleges. Relevant questions that occur to me are:

    * How easy is it to procure significant ICT infrastructure for your school/college?
    * How useful was the old ICT Services Framework (or indeed frameworks in general)?
    * How easy is it to get reliable advice about (a) what to buy, and (b) how to buy it?
    * To what extent do you think your local requirements could be standardised (assuming that was a participative process) and to what extent do you feel that your local requirements are unique?
    * What are the main pitfalls that you need to guard against when procuring significant infrastructure (e.g. companies that go bust, proprietary lock-in, lack of pricing transparency, poor requirements analysis...)
    * What is your perception of the benefits of aggregated procurement as a way of saving money?
    * How important are OJEU (EU) procurement rules, which kick-in for public procurements valued at more than £150K?
    * How easy is it to get information comparing the performance and value of competing products?
    * How valuable would it be to have a "G-Cloud for Education" - i.e. an online catalogue of IT products for education, with transparent pricing, certifications and star-ratings?

    ...and any other questions that occur to you.

    This is not a scientific survey, of course, but if people are prepared to post their thoughts and experiences in reasonable numbers, I would be happy to do some legwork collating them, so that they can be shared with the DfE, the Governmnt Procurement Service, and other interested parties.

    While the current consultation is about the ICT Services Framework, the Information Management and Learning Services Framework will also come round for renewal in a couple of years and some of the same questions might apply again.

    Thanks for any feedback you can give,

    Crispin Weston

  2. #2

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    2,837
    Thank Post
    783
    Thanked 551 Times in 431 Posts
    Rep Power
    261
    I may come over a little prickly on this subject, but I am not a fan of any kind of structure. I've also come into the industry after the demise of Becta.

    I want total freedom to be able to buy whatever I can afford, whenever I want from whichever supplier offers me the best deal, and by best deal I don't just mean cheapest, I mean best value.

    To answer your specific questions:

    * How easy is it to procure significant ICT infrastructure for your school/college? Really easy, I have companies throwing themselves at me
    * How useful was the old ICT Services Framework (or indeed frameworks in general)?[i] I never used it, it had gone by the time I arrived[/i}
    * How easy is it to get reliable advice about (a) what to buy, and (b) how to buy it? a) It's virtually impossible to get sound advice, we have to read everything, speak to others and satisfy ourselves it is suitable. Making those decisions is why as NM's we are worth our wages, but point b) buying it is easy, refer to answer for first question!
    * To what extent do you think your local requirements could be standardised (assuming that was a participative process) and to what extent do you feel that your local requirements are unique? I'm sorry, I don't think there is a standard requirement.
    * What are the main pitfalls that you need to guard against when procuring significant infrastructure (e.g. companies that go bust, proprietary lock-in, lack of pricing transparency, poor requirements analysis...) Mainly ensuring continuity of support, which is easiest to achieve by choosing commercial solutions that are well understood and widely supported by industry
    * What is your perception of the benefits of aggregated procurement as a way of saving money? I have no experience of this
    * How important are OJEU (EU) procurement rules, which kick-in for public procurements valued at more than £150K? I don't tend to pay them any attention, I do whatever offers best value
    * How easy is it to get information comparing the performance and value of competing products? pretty easy, but still you have to ensure the solution satisfies your criteria
    * How valuable would it be to have a "G-Cloud for Education" - i.e. an online catalogue of IT products for education, with transparent pricing, certifications and star-ratings? this might be useful. but I wouldn't want it to be in any way a limiting list

  3. 3 Thanks to Oaktech:

    crispinw (16th August 2013), VeryPC_Andy (16th August 2013), VeryPC_Colin_M (20th August 2013)

  4. #3

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,264
    Thank Post
    111
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    They are useful if your SLT / Finance / IT team can't understand how to run a procurement properly.

    They are useful if you need to get something large done in a hurry.

    They are a useful template to reference when 'doing it yourself'

    Standardising IT implementation across schools is idea with the same merits and drawbacks as standardising the staffing and curriculum deliver structure across schools.

    The Frameworks can help you avoid some pitfalls. If I am doing significant business with a supplier outside of a framework, I like to have met the Operations and Finance Directors, and have a copy of their last financial reports in the proposal. The big one is to make sure the supplier has the skills and the capacity to actually meet your requirements, sometimes it is necessary to scale back aspirations, or perhaps adjust the supplier/customer skills mix to ensure successful delivery.

    Does it save money? Sometimes, if you are lucky. But that doesn't require a framework, often if a reseller has 'a bid in' from say HP for 2000 devices off the back of a project that requires 1850, you can get (as the next customer in line) the benefit of the larger customers work (i.e. up to 250 unbeatably prices devices). Other times a framework clearly wins for the same reason, though this is more true on say a leasing framework (rates on £20Mill are better than those on £150K) than on a commodities framework where price fluctuates from influences such as exchange rates, and the state of the economy in the far east.

    How important is EU procurement law? Well, its the law. That said as long as you were fair to the market and you approach only reputable suppliers, what you need to to do and what a procurement consultant will tell you that you need to do is the difference of £6000-£100,000 (the cost of using the consultant). Using a framework certainly helps smooth the trouble brows of nervous Governors and Finance Directors... though they often say "frameworks don't offer value for money" - to which I say, for anything less than £500K they probably do as the EU tendering process is time consuming and requires a specialist to help you through the process (expensive and expensive). The analysis should be done on a case by case basis when assessing the viability of the project.

    The problem with evaluating performance and value of competing products is that to do it properly one needs to be come at least as skilled and knowledgeable as each vendors' 'solution architects' or you just have to trust them. There is nothing really that can be done there... a NM isn't going to blindly trust either an independent consultant or the vendor solution architect. I have found in general vendors to be very up front and honest, provided the local technical team have the power to veto a procurement decision... as soon as the local technical team are disenfranchised no level of framework protection can save a project from the fact that sales people lie if they can make a sale and get away with it.

    For commodities a central place would be great if it was done well. Often the devil is in the detail when it comes to product selection, and different vendors do not (and sometimes, cannot) provide like for like quotes... so the buyer has to rely on their technical understanding to make sure the they are getting the product they need. To give an example, a vendor was offering a £299 IT Lab PC, and that was held up as an example of the power of standardisation and frameworks since it was three hundred pounds less than the school was spending at that time. The trouble was the "IT Lab PC" was based on an Intel Atom, and the school regularly did serious work in Photoshop and Premier... facts that were completely overlooked by the framework consultants and the vendors until a technician managed to get the Solution Architect to occidentally let slip the spec of the machines used in the quote.

    The trouble really is that details matter: cache sizes, application type, use-cases, connectivity, warranty terms, chassis construction type, management software, licensing model, 3rd party support. The products available evolve so quickly that you can't really have best value price lists. Even the big infrastructure in superficially similar schools can also legitimately vary too; some might need 14 network cabinets, others 4, it is astonishingly difficult to build a pricing model that can accurately reflect the variation of costs caused by the local environment for a single vendor, and I would say it is impossible to offer across multiple vendors on a framework.

    From what I understand of the existing frameworks, some allow for "Quick Quote" which is basically equivalent of emailing a set of suppliers, and this is best for commodities. While others require a specification to be written and the vendors have to respond to with written proposals and cost models and it is the customer to evaluate them and take a decision. I have used both types and found them to be useful. However my main infrastructure and support was not bought throu a framework, but through a series of RFQ's to a number of suppliers, two of whom it turns out were in the process of getting onto the BECTA ICT Services Framework. One offered a cheap and nasty solution, the other offered one of their two 'off the shelf' builds that they had submitted in their response to the ICT Framework Tender in OUJEC. The offer that was based on the BECTA framework submission got the business.
    Last edited by psydii; 15th August 2013 at 03:33 PM.

  5. Thanks to psydii from:

    crispinw (16th August 2013)

  6. #4
    crispinw's Avatar
    Join Date
    Mar 2007
    Location
    Dorset, England
    Posts
    59
    Thank Post
    6
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thank you both for these replies. Just to clarify, I am not an apologist for frameworks, though my real interest (or more accurately, pet hate) is the the Learning Services and more recently IMLS frameworks. As far as the ICT Services Framework, I am just doing some open-minded research!

    It sounds to me as if you both want the autonomy appropriate to a NM who knows what's what, and are skeptical of outside consultancy or standardisation. I presume you both work in reasonably sized schools or colleges. But what about the small primary school which doesn't really know what it is doing? I should have thought that they would be suckers for the sort of mis-speccing that psydii relates.

    My interest is in a combination of standardisation and a "G-Cloud for Education" online catalogue concept. Do you think this would have the ability to provide, if not like-for-like, then at least similar-for-similar comparisons? Let us say a group comprising users and industry suppliers came up with a categorisation for desktops according to requirement: level 1 (entry level for light word-processing) to level 5 (for intensive applications) etc. Make the classification system as complicated/simple as you like. Suppliers could put forwards their solutions in each category - and then the performance of those offers can be rated by users, as happens on Amazon. There are then two sorts of peer-to-peer conversation: 1. what category of desktop is required to populate e.g. a suite of computers which are to be used primarily for KS3 computing lessons; and whose is the best offer for that category? Maybe there is a third sort of question about how you fit together various categories of desktop with various networking and other infrastructure elements.

    This model would allow some flexibility. Prices could vary as commodity prices changed. Suppliers could vary their spec as technology improved - but a supplier which had established a reputation would want to protect that reputation and word would quickly get around if the e.g. HP's latest version of its mid-range desktop was not as good value as the previous one. It would help schools with limited procurement/technical expertise to put together specs from a menu, following generic guidance perhaps.

    I completely agree with Oaktech that any G-Cloud catalogue should not be a limiting list: those who wanted to go outside the standard specs (or modify them) would be free to do so - and new suppliers should be free to join the list with a minimum threshold of entry. But the existence of the standard specs would help smaller schools and help establish brand reputations for educational suppliers, which can surely only help improve value for money for buyers? The real discriminator would not be whether you were on the list or not (the framework model) but what star-rating and reputation you developed, once you were on the list.

    As far as procurement advice is concerned, the answer I take from both replies is that the only way to get it is to pay through the nose and the frameworks themselves, while they may provide a certain level of reassurance, are not really sufficient to ensure that the school is getting what it needs.

    Any further answers/reactions?

    Thanks again. Crispin.

  7. #5


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,649
    Thank Post
    275
    Thanked 780 Times in 607 Posts
    Rep Power
    224
    Quote Originally Posted by crispinw View Post
    * How easy is it to procure significant ICT infrastructure for your school/college?
    Very. Getting hold of demo kit for evaluation is also easy, especially if you name drop $current_incumbent.

    * How useful was the old ICT Services Framework (or indeed frameworks in general)?
    As a starting point, fine. We still use some of the suppliers on it, others we wouldn't use.

    * How easy is it to get reliable advice about (a) what to buy, and (b) how to buy it?
    On something I'm familar with? Trivial. On things I'm not? I read up on the particular technology so I know what questions to ask and how to size it for our environment. Then I go and look for independent reviews from people without a stake in the sale.

    * To what extent do you think your local requirements could be standardised (assuming that was a participative process) and to what extent do you feel that your local requirements are unique?
    I suspect it'll be handled poorly and we'll ignore the standard and do what's best for the school. We've been bitten before by standardisations that don't give any regard to local differences.

    * What are the main pitfalls that you need to guard against when procuring significant infrastructure (e.g. companies that go bust, proprietary lock-in, lack of pricing transparency, poor requirements analysis…)
    Manufacturer lock-in, company buyouts that lead to an otherwise productive relationship going downhill due to poor CRM or an inability to meet contracted support levels.
    Contract renewal terms - auto-renewing contracts with excessive notice terms should be avoided.
    It's commonly accepted in IT that the list price isn't the price you'll be paying, the trick is learning how low it can go and the route you have to take to get there.

    * What is your perception of the benefits of aggregated procurement as a way of saving money?
    Centrally-organised procurement? "One size fits no-one". My perception is that they equate "school" with "as cheap as possible", when really we'd rather pay a bit more for better kit that lasts a decent amount of time.

    Schemes such as the Crescent Purchasing Consortium work well and I think that's partly because they're not aimed at schools. It's for further and higher education - there's a decent range of vendors and contracts available and they read the requirements properly and ask if they're not sure.

    I also participated in an Edugeek-organised group buy and we got good hardware at a decent price, but that's because the people who have to support the hardware wrote the spec.

    * How important are OJEU (EU) procurement rules, which kick-in for public procurements valued at more than £150K?
    If OJEU rules kick in, it's usually because we're doing a new build of which IT is a relatively small part of. I don't spend enough for it to impact an IT-led project.

    * How easy is it to get information comparing the performance and value of competing products?
    Easy > Medium, depending on how widely used the product is. If no-one's using X, we probably won't buy it unless it's something cheap or can't really go wrong.

    * How valuable would it be to have a "G-Cloud for Education" - i.e. an online catalogue of IT products for education, with transparent pricing, certifications and star-ratings?
    Assuming a real willingness to ensure schools get good products at decent pricing from vendors who're informed about the products they're selling, with oversight from people who understand IT and the sales channel (and all the various pitfalls to avoid).........

    It could be useful for schools with no onsite IT people as an SLT starting point.

    Requiring schools to use it (and having it farmed out mostly to the usual suspects) wouldn't go down well.

    What does a company have to do to be certified? Can they lose that certification if they're not providing an appropriate level of service? Who decides they're not providing it?

    What does a star rating mean? Who provides the ratings? Do ratings get moderated if it appears to be from uninformed opinion? If customers are providing ratings, what will you do to ensure it doesn't turn into the illegitimate child of Ebay (A++ would use again), Youtube (general ranting and crazy people) and Amazon (I bought a blue product but wanted pink, one star) reviews?

  8. 3 Thanks to pete:

    crispinw (16th August 2013), Oaktech (16th August 2013), VeryPC_Colin_M (20th August 2013)

  9. #6
    crispinw's Avatar
    Join Date
    Mar 2007
    Location
    Dorset, England
    Posts
    59
    Thank Post
    6
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks Pete for the useful answers.

    To respond to your questions on the G-Cloud concept - my proposal is that there should be only a minimum of standardisation hard-wired into the catalogue - more below.

    With regard to star-ratings, I would have these given by user reviews, with mechanisms in place to avoid abuse. What that means in practice would be for the community to decide, but I would start with a presumption of no anonymity and registration as a reviewer through your school or college. Second, you would have a mechanism of developing a reputation (maybe even a supplementary income) as a reviewer, established by reviews of your reviews by your peers. Expert reviews could be added into the mix by established and reputable review sites. But the basis would be to get a responsible, expert and accountable reviewing community... a bit like EduGeek?

    "'Aggregated procurement' ... Centrally-organised procurement?" That point re. Becta euphemisms is one that I have made several times myself. My blog on the IMLS Framework, for example, is at Stop the IMLS framework | Ed Tech Now

    But I also take your point that bulk purchasing schemes might be useful, depending on the scheme. So why not have a section on the G-Cloud for aggregated procurement schemes? Let the users of those schemes, not central civil servants, say what they should look like.

    I mentioned certification in an aside, so let me explain what I mean. I should declare an interest as Chairman of BSI's committee for IT in education (IST/43) and a long-term advocate for better data interoperability for education software.

    I would see a certain level of certification being implied by inclusion on the G-Cloud, but this being at a fairly light level. There might be a really minimal level of due diligence applicable to certain categories (e.g. learning content) and more e.g. financial credentialing associated with products with higher values and on-going support. But my concept would be to make the threshold of entry onto the catalogue as low as possible and the discriminator down to star ratings and brand reputation.

    Other standards/certifications could be optional - and this would create a meta-market for standards which also ran through the catalogue. In other words, just as products (and aggregation services) could use the catalogue to establish reputation, so would the standards/certifications which products might choose to adopt and the user community might choose to rate. They wouldn't be something that was mandated or even recommended from on-high.

    The standards would be likely to come in a couple of flavours:

    * minimum standards for e.g. online safety, network security, safety and accessibility of equipment
    * technical standards for interoperability (as far as education-specific standards are concerned, these would really affect the learning services and not the ICT services frameworks.

    As far as the first is concerned, their role would not only be to establish best practice, but also to some degree to indemnify NMs who wanted to allow a little more freedom to users of the network in the interests of learning. So long as you and your equipment complied with agreed standards, it would be difficult to call you irresponsible when something went wrong.

    The second of these is where I think there is a huge potential to develop more powerful, plug-and-play learning software. Let us say we are talking about learning activities/assessments that return marks or other forms of performance data automatically to a common markbook. Here we are after 20 years and billions of pounds of government spending, and this basic functionality is still not being offered by the market. But give ed-software developers the opportunity to certify their products as implementing an appropriate technical specification to allow this to happen, and the industry will develop such standards, as long as schools show that they are interested in buying this sort of interoperable software.

    As for removing certifications for non-compliance: absolutely, this is essential. Certification agencies that do not do that will lose credibility, buyers will quickly ignore their certificates, and companies will stop paying for those certificates, and the agency will go bust.

    So my vision for the G-Cloud catalogue would be a platform that would allow competition at many levels: products, support services, aggregated procurement services, certification services - all of which would sink or swim depending on whether they are attractive to a well informed user community.

    In short, I would see certification addressing issues of objective fact (product A does or does not interoperate with product B, and does or does not conform to the minimum standards set in one respect or another) while star ratings would represent more subject, evaluative judgements.

  10. #7

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,653
    Thank Post
    1,257
    Thanked 781 Times in 678 Posts
    Rep Power
    236
    Quote Originally Posted by crispinw View Post
    The second of these is where I think there is a huge potential to develop more powerful, plug-and-play learning software. Let us say we are talking about learning activities/assessments that return marks or other forms of performance data automatically to a common markbook. Here we are after 20 years and billions of pounds of government spending, and this basic functionality is still not being offered by the market. But give ed-software developers the opportunity to certify their products as implementing an appropriate technical specification to allow this to happen, and the industry will develop such standards, as long as schools show that they are interested in buying this sort of interoperable software.
    You'll have to ensure a low barrier to entry so that smaller vendors can participate - the kind of people who currently write iOS apps of a weekend. If certification of interoprability standards could be largly automated (i.e. does the software pass a test suite with no fails) this shouldn't be a problem - an iOS-style nominal fee for developers to be set up with an account would be fine, and by all means charge more for more involved certifications that require actual man-hours to check.

  11. Thanks to dhicks from:

    crispinw (16th August 2013)

  12. #8
    crispinw's Avatar
    Join Date
    Mar 2007
    Location
    Dorset, England
    Posts
    59
    Thank Post
    6
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thank you David. I agree on all counts, including the importance of enabling small vendors to participate. The cost of specialised test harnesses (and the unreliability of interoperability when such test harnesses do not exist) has been a key problem in the past. One of the reasons why SCORM achieved the visibility it did in the early part of last decade was due to the amount of money that the US DoD put into its self-test suite. So I also agree that a generic test harness is really important. Given a limited range of transport mechanisms, it would not be too hard to check data validity against appropriate XSDs or other machine-readable schemas. Of course, all this has to be paid for and government seems reluctant to pay for anything very much these days - but it should be possible to build a business model on differentiated certification fees. For example, in the case of the ability to return a mark to a common markbook, the providers of the common markbooks (as infrastructure providers) should be able to afford higher certification fees than you would want to impose on the developers of the activity instances and tools.

    Where this discussion meets the procurement discussion is in the need to ensure that suppliers who meet appropriate interoperability specs achieve commercial benefit by the ability to certify their products in a way that drives sales. That is at the root of the money tree. But this whole discussion is really one for the IMLS framework, which is a little way down the line - I think IMLS is due for renewal in 2015 or 2016, depending on whether it is extended into a fourth year.

    In political terms, if a case is going to be made for the online catalogue approach, it would have to be made for the ICT Services Framework, which is what is up for renewal now.

    Crispin.

  13. #9

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,264
    Thank Post
    111
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    I quite like the IMLS. Though it would be better if companies could join it rather than it being a static list for five years. Anyone notice that CMIS and Progresso are no longer available through it since they were bought by ACS?

  14. #10


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,649
    Thank Post
    275
    Thanked 780 Times in 607 Posts
    Rep Power
    224
    Quote Originally Posted by crispinw View Post
    With regard to star-ratings, I would have these given by user reviews, with mechanisms in place to avoid abuse. What that means in practice would be for the community to decide, but I would start with a presumption of no anonymity and registration as a reviewer through your school or college. Second, you would have a mechanism of developing a reputation (maybe even a supplementary income) as a reviewer, established by reviews of your reviews by your peers. Expert reviews could be added into the mix by established and reputable review sites. But the basis would be to get a responsible, expert and accountable reviewing community... a bit like EduGeek?
    I suggest you don't advocate for paid reviews. The scope for abuse is quite broad.

    So if a non-technical member of staff was quoted as saying "Our new SAN from $whoever is awesome because it's got flashy lights", they'd get moderated as uninformed opinion? Whereas if they were talking about something within their remit (usefulness of Application Y with SubjectArea), they'd be fine?

    The standards would be likely to come in a couple of flavours:

    * minimum standards for e.g. online safety, network security, safety and accessibility of equipment
    * technical standards for interoperability (as far as education-specific standards are concerned, these would really affect the learning services and not the ICT services frameworks.

    As far as the first is concerned, their role would not only be to establish best practice, but also to some degree to indemnify NMs who wanted to allow a little more freedom to users of the network in the interests of learning. So long as you and your equipment complied with agreed standards, it would be difficult to call you irresponsible when something went wrong.
    The NM would still be responsible unless they could show they'd done due diligence. "A framework said it was OK" doesn't count.

    I'd be more interested in you holding vendors to standards for patching their software promptly and publishing how long they'll support that version for.

  15. #11

    Ephelyon's Avatar
    Join Date
    Aug 2008
    Location
    Cheshire, England
    Posts
    1,708
    Thank Post
    299
    Thanked 327 Times in 200 Posts
    Rep Power
    143
    Crispin, is it worth asking if this is what the proposed PAS standard around child online safety from last year has turned into?

    Personally I was more interested in the other work Becta did than the procurement side of things; that was tragedy of its loss. The Government didn't like the procurement standardisation so threw the whole baby out with the bathwater.

    Also, might it be worth taking a look at The IT Index from ProBrand? This was an attempt at doing something similar with a single supplier's products and it seems to work quite well, we've used it a few times.

  16. #12
    crispinw's Avatar
    Join Date
    Mar 2007
    Location
    Dorset, England
    Posts
    59
    Thank Post
    6
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I take your point about payment - even if the advice is valuable, payment can corrupt the system. I was thinking more of a gentle pay-back / award for reviewers who offered real value to colleagues - but you may well be right that this would not be necessary.

    On vetting contributors, I think there is a balance between pre-approving people and letting reviewer reputation (and just the quality of the review itself) decide. My preference would be to register all community members through their schools and then let the community establish the credibility of reviews and reviewers. If the RE teacher started posting reviews on subjects that he/she knew nothing about, (a) the community would soon correct the record, and (b) someone at that person's school might question the effect these eccentric reviews were having on the reputation of the school. If someone started posting malicious negative reviews because they had an interest in a rival supplier, then everyone would know exactly who they were and they would be playing with fire. But however you do it, I think there are mechanisms for avoiding irresponsible and malicious reviews.

    On the question of indemnity, I am thinking of a comment made by the Royal Society in "Shut down or restart?" about excessive "health and safety" network security in schools, which inhibited learning. I saw similar questions about net filtering software recently on Twitter. But who is liable when something goes wrong? My point is that a certain level of risk is sensible and professional - but it is hard to make the case that the risk was reasonable after you have thrown the dice and got a triple 1. At that point, it would help to say "we were taking a level of risk that industry & practitioner consensus agreed is reasonable and proportionate".

    I think the sort of contractual standard you suggest is another real possibility. It might just be a contractual framework that made this sort of information about patching and support transparent and trustworthy. You could visualise it as a certification mark accompanied by an information grid. So... a conversation on edugeek establishes what that grid should contain, we recruit a dozen suppliers who are willing to implement (maybe offering them a year's payment holiday on certification) and with both supplier and user communities, work out a legal framework of remedies in case of breach; we pass a Publicly Available Specification through BSI (it can later progress to a British, European or ISO standard if it does well, giving these suppliers a helping hand in their export markets); and given the catalogue, we start badging conformant products. After year 1, the companies start paying for the certificate, which they do because they realise that you guys are not going to buy their products unless they do, and the certification charge is set at a level which makes the whole process sustainable. If on the other hand the new certificate does not affect anyone's buying behaviour, then the suppliers decide it is not worth forking out and the standard fails - just like a bad product would do.

    This use-case makes the point that there is no reason why YOU (i.e. the user community) should not initiate whatever standard you want to see - the catalogue would just become a platform that would allow those standards that were of interest to buyers to prosper. And the catalogue and the standardisation organisations would be de-coupled, so the catalogue could display certificates produced by different organisations - so no-one would have control over the whole process. Too often, standards have acted as a sort of covert regulation by the central administration, which is not in my view what they should be.

  17. #13
    crispinw's Avatar
    Join Date
    Mar 2007
    Location
    Dorset, England
    Posts
    59
    Thank Post
    6
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Ephelyon, thanks for the link to ProBand, which I did not know about. I will look in more detail and have dropped them an email in case they would like to contribute to this conversation.

    Re Ian Shaw's e-safety standard, it is still in the starting blocks and is waiting for a large network or mobile supplier to come in an back it. I did not initiate that standard, but I am doing my bit to try and find the missing players. That is following a traditional PAS route, which requires up-front funding from a number of sponsors. I think there is scope for that, but I am working on a different model, based on downstream certification charges, which depends on the G-cloud/catalogue concept and I think is more appropriate for innovative technical data standards. In fact, "standard" is the wrong word in this case - it would be a pre-standardisation specification, which might just have a small group of SMEs to back it, while the traditional PAS model requires consensus.

    But whichever model we are talking about, I think the wheels would be oiled by providing suppliers with a commercial incentives to develop and adopt standards - and that is why I think the current dysfunction in the educational standards world boils down to current procurement models.

    On Becta, I wasn't a fan of very much that they did, except that they did have the aspiration and ambition, which I guess we all miss. But I am past quibbling about the details - I think what we need now is the right processes that allow anyone to innovate.

  18. #14
    crispinw's Avatar
    Join Date
    Mar 2007
    Location
    Dorset, England
    Posts
    59
    Thank Post
    6
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I agree about companies joining the list half way through.

    I did a FOI request on the number of call-offs against the framework, which were very few indeed. Of course, people might still use it as a recommended list, without formally calling off against it. My main objections to it are (1) the supposition that suppliers were going to provide a one-stop-shop set of learning services (when the market is very immature and innovation needs to be encouraged); (2) the failure to define what products are actually being provided, (3) the fudging of data interoperability, which in my view is critical to getting learning services to work.

  19. #15

    Ephelyon's Avatar
    Join Date
    Aug 2008
    Location
    Cheshire, England
    Posts
    1,708
    Thank Post
    299
    Thanked 327 Times in 200 Posts
    Rep Power
    143
    Quote Originally Posted by crispinw View Post
    On the question of indemnity, I am thinking of a comment made by the Royal Society in "Shut down or restart?" about excessive "health and safety" network security in schools, which inhibited learning. I saw similar questions about net filtering software recently on Twitter. But who is liable when something goes wrong? My point is that a certain level of risk is sensible and professional - but it is hard to make the case that the risk was reasonable after you have thrown the dice and got a triple 1. At that point, it would help to say "we were taking a level of risk that industry & practitioner consensus agreed is reasonable and proportionate".
    All I can say to that, and having read the Royal Society's report, is that when I am evaluating risk around system security issues, "indemnity" will come into it but is not one of my real prime factors. At its most basic level, the concept of "risk" to me engenders the concept of "consequences". A risk assessment is a matrix for glorified probability evaluation, but the reason why we perform them is because of the consequences of each risk, if not managed correctly.

    Consider little Johnny who takes issue with little Freddy and wants to beat him up but doesn't want to risk it on the school yard. If system security is lax to the extent that he is able to compromise the MIS and find out Freddy's address, the consequence is violence between children.

    Consider a teacher under investigation for an allegation that (for the sake of argument) will later prove to be false. If system security is lax to the extent that other staff or pupils are able to access areas where confidential minutes, pupil disclosures, OHU reports etc on the incident are stored, the consequence may well be loss of a teacher's career.

    In both cases, whether or not it's my neck that would ultimately be on the line, I may be the first and last defence against that and it is my ethical obligation to ensure that these things can't happen. While standards around who is at fault in the event of a security breach may assuage certain people in certain scenarios, it does not obviate the main issue. Now, a standard around how technical staff's concerns in such regards could be reduced ALARP by means of support for their skills, experience and responsibilities could go a long way towards progressing the situation, however...

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. What can I expect as a new ICT technician?
    By itylea in forum General Chat
    Replies: 42
    Last Post: 8th August 2010, 09:33 PM
  2. Approx Costs for new ICT Suite
    By FragglePete in forum How do you do....it?
    Replies: 20
    Last Post: 4th December 2008, 09:01 AM
  3. 10 Learning Platform Services Framework suppliers
    By Crash in forum Virtual Learning Platforms
    Replies: 11
    Last Post: 29th February 2008, 01:17 PM
  4. Schools Wanted for new ICT Technical Services Co.
    By stephenwelch in forum Educational IT Jobs
    Replies: 23
    Last Post: 5th May 2007, 12:17 AM
  5. What a change a new ICT Co-ordinator makes!
    By RobC in forum School ICT Policies
    Replies: 2
    Last Post: 24th August 2005, 01:07 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •