Our Bursar has expressed concern that the Staff personnel details are being stored in the same database that all the Student details are being stored in.
She is worried that some staff (support staff) are able to access names, addresses, etc, etc, for the staff (IE other teachers).
So, I have been tasked to see if there are any other Personnal software(s) available, which there are, boatloads no doubt. But, obviously, I want something that is as easy to use as possible, doesn't link through to the SIMS .net database, but is stilll able to output files externally for the Census / pulse returns(or whatever the stupid thing is, that has the staff names), that we have to send up to the DCSF/LA every term.
Basically, she doesn't trust Capita to make sure that SIMS .net has enough security, or that it is working.
What does everyone else use ?
Has anyone else expressed concerns about this access ?
Does anyone have any useful solutions, that don't involve me being rude to the Bursar ?
Surely its the job of the NM to ensure that all users have the appropriate security set? That being the case if the staff are not alowed access to those details thier accounts on the MIS should be denied access to that area of the MIS? If this is not the case then the NM is at fault for not setting the MIS security permissions correctly.
We use SIMS.net, like most people - the permissions system in SIMS.net is pretty robust - people can only see staff details if they are given permissions to! If some staff are able to see those things, and they're not supposed to, then their permissions have been set incorrectly. Any software will have this problem - ie. garbage in garbage out errors.
I would suggest that the Bursar needs to go on a training course regarding the system manager module, to be shown how graduated the control is, so her mind is put at ease. (I assume it is the bursar who is in control of the permissions in SIMS.net, as that's how it is here - our Bursar is also our SIMS.net manager. If not, then the bursar needs to speak to the person who does do this and get it sorted).
Also, pointing out that the majority of schools in the UK use the module would indicate there isn't a problem!
Please also consider the headaches that will occur once Workforce Census is in full swing and you are having to manaully calculate from a Third Party app. Set the permissions so staff can't see any staff contact details.... done.
As localzuk says - SIMS personnel is pretty robust. Most of our staff can't see personnel details such as addresses. The ones that can are meant to! It is pretty easy to make it that way and I can't imagine you'd find a product that is much different.
AFAIK you would have to keep at least a subset of the information in SIMS anyway because of the way that Personnel ties in with the timetabling functions.
I believe there's also ways to leverage your Personnel data in FMS too so that you can do budget forcasting for wages, etc. Perhaps your bursar doesn't realise that there are additional benefits like this?
Another way to set their mind at rest would be to give them an account with the same security set as the person they don't trust and let them see what can and can't be accessed.
A good exercise to do to understand data ownership is to view all the present options and groups within System Manager and create your own groups rather than the Capita pre-defined groups. You can then document what access you have given to what groups and who is a member of those groups.
It will also help your bursar understand how granular access can be.
The Permissions in SIMS as defined by System Manager are EXCELLENT.
Sometimes this cannot be said of the ability of the person appointed as System Manager. It is vital that this person fully understand how SM works so that fears expressed in the original post are allayed.
I guess this is similar to how many schools had Admin and Curriculum networks and have since(in most cases) scrapped one of the networks in favour of having one network with good security in place to ensure people only see what they need to see. As above I'd stick with the one database for everything and ensure the security is configured correctly.
Ah so I take it everyone uses SIMS for this stuff then.
It's funny I bet no other industry stores its internal personnel data in the same software database as their sales/customer data... but anyway.
The trouble is recently we've started putting these details into SIMS .net and it has become apparent that certain groups have more access to data than we expected them to, for example the "School Administrator" group can see all the staff details (which in hindsight makes sense), but we found that we have had to give out this level of access to enable certain support staff to do their job (the KS5 support assistant needs something in this group to enable them to do the EMA, but we can't see what it is).
...and before you ask the previous system was paper based... but with the workforce census, it means we have to computerise it all.
Part of the issue is that there is no single person in charge of SIMS, for good reason, as we tried to spread the responsibility when the last SIMS Manager left, so we all knew what was going on. What we need to do is spend a week on working out what the SIMS permissions are, what the staff need access into, and then creating the requisite groups.... but I was hoping for an easier solution. We've looked at the permissions spreadsheet before and fact that it runs to 15 pages (a3) means yes it is really granular, but I have problems knowing what the things mean and it will take a while to go through stuff.
The easiest, quickest and most secure solution is to pull it all out of SIMS put it into a new database, and only allow Personnel staff access to this new database. We use Sage for payroll for this exact reason and in this way, there are only 2 users able to use Sage, and I'm not one of them.
Oh, and just because no one else has complained about something doesn't mean that no one else has noticed (or knowing most users, grumbled quietly in the corner).
Thanks anyway, I think I'll keep looking around, possibly CMIS could help.
Sorry, but if you don't care to learn how to set up permissions, then any solution you implement will still be full of holes. Why not simply do as suggested, and learn how to use the software? Security by obscurity is not true security.
The integration of the various parts of SIMS.net are there for a reason - to make running a school easier. Personnel is integrated into Nova-T, it is also able to keep track of all your different census requirements easily. Why make your life more difficult in the long run because you can't get your head around the permissions in the short-run?
If you're unsure about it, why not contact Capita and have them set it up how you want? I'm sure that'd be cheaper and more effective than licensing an entirely different system.
Our finance officer has no access to personnel. There is no reason you can't set this up correctly!
And, comparisons between industry software and education MIS systems don't work - schools are not businesses, plain and simple. A SME doesn't normally have a piece of software tailored directly to their enterprise type. A large business would, but they'd have a lot more staff than a school has. So, MIS's are there to make the 'business functions' of a school simpler, by integrating them.
I really don't see the issue with having both employee and customer data in the same place - keeping students out of sims is just as important as ensuring staff members don't see each others details.
One thing you could try is creating a cloned custom group with the same permissions as the school admin group. Then all you'd need to do is remove the excess permissions.(create a custom group then in the group permissions tab select add role then choose school admin). This should take all of 10 minutes and provide a quick fix
Last edited by Jamman960; 26th October 2009 at 02:23 PM.