This post is aimed at helping Glow users who are wanting to know more about Glow and security, providing more information on the security levels within Glow and the actions taken.
Security in any IT system has to be appropriate for its purpose. Glow services are designed for Learning and Teaching and it is used by staff and pupils, from early years up through the age ranges. We aim to strike a balance between security and ease of use. For example, more complex passwords and user registration processes
, could have been used to create a service capable of handling more sensitive data, but this would also hinder access for younger pupils as well as those with learning difficulties. This could create a barrier to access which would mean that pupils wouldn’t be able to have ownership of their content and it would be more difficult to share and collaborate. These are vital digital skills we want to develop as part of our learners’ educational journey.
When any IT system, including Glow, is designed there is a need to balance any ‘Risk’ with a ‘Mitigation’, as per Risk Assessments for any activity in School. Local Authorities and other customers use the Glow service with full knowledge of security of the service and they are able to conduct local risk assessments, augmenting these with local policies such as Acceptable Use Polices (AUP’s) and procedures.
The national Glow team at Scottish Government and Education Scotland have worked with local government security officers to enable them to carry out local risk assessments, the following information is provided:
• ISO 27001 baseline control documents,
• Customer risk report
• Security policy
Glow security levels are set at an appropriate level, to allow staff and pupils to work together, to collaborate and share and use the areas of Glow they want, the usernames and passwords set at a level that are still able to be used by the target audience for Glow. Users are encouraged to act responsibly, the Glow Community Rules outline what is meant by appropriate behaviour. Glow is a secure platform to allow learning and teaching to take place, it is not designed to be secure enough for sensitive personal data.
The online Report A Concern function has been added recently to augment the existing helpdesk. This allows users to inform us when they see anything on Glow that is worrying, nasty or offensive and allows us to take corrective action and reflect on this to make future changes.
We want Glow users to be in Glow, comfortable in the level of security provided. Should you have any feedback please do let the Glow programme know – comment below or email firstname.lastname@example.org