School IT systems are like buildings. If you are constructing a building from the ground up you would develop plans, specifications, an operations manual and ‘as-built’ drawings. This governance gives confidence that should something happen to the building, you would have the data and knowledge to contain and manage it. You would employ an architect, and sometimes an engineer to document, following standards and criteria, to identify what is possible, what your options are, how difficult it will be and the additional skills you may need.
With the changes in data protection law, the need for IT Systems audit is mandatory and IT governance is required to provide school or university board / governing body with measurable evidence that technology systems and services are secure and can maintain the availability of access to data and information. However, the IT systems audit hasn't always been mandatory and 9ine has a long track record of working with schools that understand that for audit purposes, having a Systems & Security review is good practice in order to understand how their IT Systems & Services need to be maintained, developed, secured and protected.
The unavailability of IT systems can create implications for the individuals whose data you process and with the current Coronavirus challenges it is now critical that all organisations put in place business continuity measures.
What is business continuity planning (BCP) and why is it important?
Would your organisation be able to respond, and remain operational in the event of a sudden physical closure? In times of uncertainty you cannot predict what is going to happen. Although you can anticipate scenarios and plan to reduce the risk of those occurrences on the organisation. This type of business continuity planning is important for all organisations to undertake, including schools and universities.
- Disruption to user access of systems and services in the event of a technical incident.
- Availability constraints of IT technical and operational staff to keep the systems and services fit and healthy.
- Security incident due to organisations being systematically targeted for ransomware (defences may be lower in response to maintaining or enhancing remote working).
- Phishing attacks resulting in malware or other security issues meaning remote workers / learners device's are infected and cannot be used.
The impact of each of the above is multiplied further by not having the data, information, policies, processes and procedures in place.
9ine’s Systems & Security Services provides organisations within the education sector with a modular, structured approach to business continuity for IT Systems & Services. Our approach, tools, policies, processes & procedures provide your school with confidence in the event of unforeseen circumstances. When circumstances give rise to needing more capacity - you have access to a team of independent experts familiar with your school systems who can provide support, both in terms of business continuity and disaster recovery.
ABOUT THE AUTHOR:
Mark Orchison is Founder and Managing Director of 9ine. He is an experienced management consultant with expertise in data protection, cyber security, technology, project and programme management in education. Mark began his career with Sun Microsystems before moving into management consultancy, where he was the technical consultancy lead for overseeing technology systems for new build schools. Since 2009, Mark has led 9ine in becoming the leading independent K-12 technology and compliance consultancy in the UK. Mark now leads a team of twenty multi-disciplinary and specialist consultants in-house, with a client base expanding across Africa, Middle-East, Russia, India, Asia and the Americas.