As teaching and learning has quickly moved to a remote model, what do you need to consider when planning IT service maintenance?
The swift change to remote delivery of learning and services over the past few weeks has put a huge strain on universities and colleges around the country.
But a huge amount of work has already been done to move towards this ‘new normal’. As we settle into this new way of working, it is important for IT managers to plan for continued delivery of essential services over the coming weeks and months.
Summertime is often a busy period for IT teams as technology changes are implemented while staff and students are usually off-campus.
Despite the current change in practice, continued delivery of IT services will remain essential, especially considering the increased reliance staff and students now have on accessing systems remotely.
This will not be without challenges, as there will likely be staff reductions due to illness and furlough, as well as not being able to access onsite infrastructure. Therefore, priority should be given to ensuring there are adequate resources to allow for uninterrupted service provision in mission-critical areas.
Using best practice from the Jisc infrastructure review service of over 200 member sites, we have produced the following checklist to help you with this planning:
Many capital projects are likely to be delayed or even cancelled due to lockdown measures. Consider whether funding can be redirected to providing continuity of existing services or enhancing remote learning facilities.
IT team staffing and structure
- As staff may be reduced due to illness or furlough, are all responsibilities being covered?
- Is your team structure fit for purpose in the new environment?
- Is there enough remote helpdesk support available?
- Are external third parties still able to fulfil contractual commitments?
- Have you considered the impacts of changing the way teams work during periods of closure? Cloud services such as Office 365 are in particular demand and require specific administrative skills
- Is there capacity to remotely administer network services such as the campus firewall?
- Can staff resources for systems of reduced importance (such as on-campus wireless networks) be redeployed to higher priority services?
Servers and storage
- When it comes to security patches and backup, mission-critical and non-essential systems should have equal priority:
- Are on-site data servers remotely accessible? If not, can services be transferred to the cloud?
- If you have on-site data servers, are environmental controls monitored remotely? This is important to consider in cases such as air conditioning failure – will damage be caused before it’s noticed?
Identity and access management
Are you able to resolve user access issues remotely, for example forgotten passwords?
Where password expiry is enforced, it may be worth considering removing this requirement to reduce the number of issues going forward. The National Cyber Security Centre recommends implementing strong passwords which do not expire.
Student-facing applications such as virtual learning environments (VLEs) take priority and should continue to be maintained.
Applications including email and collaboration tools such as Microsoft SharePoint are also high priority. Other systems can be prioritised accordingly – for example access to student records and financial systems will currently be of greater importance than timetabling and room booking systems.
Class devices such as desktops, laptops and tablets which are not in use during lockdown are no longer a management priority.
Can resources be redirected to ensuring that organisation-issued devices being used offsite are properly managed, patched and encrypted? This includes both staff and students’ personal devices, as well as organisation-issued devices.
It may no longer be possible to access physical offline backups such as a tape library:
- Can cloud backup be used instead?
- Are communication links for remote access encrypted?
- Are backups logically offline (ie they cannot be immediately accessed should administrator credentials be compromised)?
Administrator accounts should only be used when elevated privileges are required – this is even more important when support staff are working remotely.
Have staff been made aware of data security obligations? This is especially important when staff are working offsite.
Devices used to access systems should be encrypted. It is also important to consider whether learners with additional accessibility and inclusion needs are catered for while working offsite.
A robust safeguarding policy is also vital, and staff need to be made aware of it, especially while working from home.
For instance, it is now recommended that one-to-one staff-student engagements via video conferencing no longer take place without a third party present.
The above considerations demonstrate that while some services can be considered lower priority during lockdown, there are still a number of systems and services that require continued maintenance and support during the crisis period. For example, particular focus should be placed on security and backups to reduce the risk of data loss.
For more information, read our guide on ensuring continuity of learning during enforced absence.