Hi all, after donkeys years of having the Adj account at the Sqn I am now back to the general account but no-one on the Sqn is sure of how to log in to SMS.
I have access to email and SharePoint OK, but my question, which I don’t think is contrary to security stuff, is on the SMS Log In page, where it says Role Username, is that just the Sqn number, the Sqn general email address (XXXX@aircadets.org) or something else?
I will be raising it with our wing bader bod, but they are currently away, so any knowledge gratefully received.
Cheers
Dub
PS Mods- if this an inappropriate Q then please feel free to delete.
You need to have your OC setup a user account for you in SMS. You use both the Squadron account and your own to log in with. Role username and password is the Sqn account.
Which is why very few other than the OC or Adj do much on SMS.
One login, personal number and password and access it all, is what we should have.
I’ve set up accounts for all staff and there are only 2 who have ever logged on a few times and because there is no training people don’t bother, which I understand.
TBH given the restrictions on what people can do and then do it so infrequently, I don’t know why they have it. Probably the most useful thing I did was update vetting but it seems that this has been passed to Wings to do, as I assume we can’t be trusted to do it or WHQ staff needed something else they can’t do quickly. Logging onto Bader seems to lose more pertinence almost daily.
When badgering your boss make sure they go through and give you the permsisions you need. All of my staff have the appropriate logins so that they can create their own activities etc (as do many of my cadets)
I think the default should be do everything and OCs deny rather than grant access.
It’s how it works in our company, which works much better than having to faff around getting access approved when someone needs it, like we used to have to. It’s amazing what outsourcing IT support brings.
It’s hardly a faff, you do it when you set the account up. All my Staff & Staff Cadets have the ability to create events, my Staff can view cadets records but only the Adj/Training officer can amend them.
If you want to encourage people to do things you have to give them access IMO.
Seen this do wonders at work as it stops the “I can’t do that” argument and people are then more willing generally to do things.
As for personal data, name, address and phone number in the main are all over the place. We don’t hold what I call really sensitive information on the Corps’ system accessible at the sqn, ie bank details, NI and so on, there might be some medical stuff, but nothing that I doubt people aren’t open about.
These have been tenets of the workplace for many years and has meant people are given access to do things and training if they identify it as a need, which was denied unless you could prove the need in an essay. I was given access to systems at work which are highly confidential and business sensitive around 18 years ago, as I what I do needs it.
When so much in the ATC relies on using “Bader” to not give people access to do things as an automatic ‘right’ that can only help run the squadron is short-sighted.
As for information security etc people I know that work for Children’s Services and probation work from home and where ever they happen to be, with full access to all the information they need, which from what they tell me seems to be way beyond what we keep. One of those in probation is a social worker and has full access to social care systems as well as probation and says that working from home is about the only way they keep on top of reports for court and so on. I could imagine there are things on social care systems that would be dangerous to have ‘out there’.
Lax security of personal data (legal definition, not mine) is wrong. Start with the minimum rights, then “enable and empower” the people as intentional, justifiable actions.
So what personal data is on your Bader record, that people on your squadron won’t or don’t know? Bearing in mind that (unless you have a Wing job?) you can only access info from your own squadron. We shouldn’t be storing anymore than basic details on Bader, if people are keeping sensitive information, such NI or Bank account numbers more fool them.
I withhold phone numbers from everyone (my bank has asked for years and are still lacking that information) unless they, IMO, have a need to know it.
Full names, addresses, email and phone numbers, dates of birth, photograph, medical information and, occasionally (usually, but not always, in regards to vetting), passport and drivers license info, for cadets and staff. Data held on children is considered even more sensitive that that held about staff.
Squadron staff will know much, but not necessarily all, of the information held, but how much they need to access will depend on their job and needs to be based on a “need to know” principle. The training officer, SNCO or the various generic users don’t need default access to medical or vetting information, the cadet adding a register needs practically none.
Speaking about my personal info, I have nothing there that I am concerned about (I withhold my home phone number), but I do have stuff there that could be used for identity theft and I know other staff with personal medical information that they do not want openly disclosed, even within a squadron environment.
The “need to know” principle still applies. Regardless of what specific risks or concerns may or not exist, if someone doens’t NEED access to the information then they shouldn’t get access to it. Fail Safe.
LOL! I’ve not heard that in years. That was in the original wording for access to Bader systems and I’m pretty sure was buried not long after. I’ll have to hunt about for the history if I wanted to pursue it.
Why are people putting driving license and passport info on Bader?
Don’t make me laugh about personal information, people are so lax with this on social media, people put their DOB on sites so they get a nice little message to make them feel wanted. How many workplaces is a list of birthdays so people remember to buy cards if they so wish or people bring in some food on their birthday and often say how old they are. If you were so inclined you could visit a library and peruse electoral rolls or subscribe to an ‘electoral roll’ site and you would have more info than you would know what to do with.
Phone numbers how many staff put mobile numbers on letters etc and exchange them with cadets for contact purposes when doing activities? I always delete cadet and staff numbers (unless they are ones I work with regularly) as soon as I don’t need them, as I don’t answer calls if I don’t recognise the number. If they wanted to get in touch they can text me.
Vetting information we only keep the form number and expiry date and what use is that to anyone?
Email; just use an ATC one if you have one and if you don’t, don’t put one on there. I haven’t got a personal email on bader as who outside my closest working colleagues needs it.
As for medical information it goes on consent forms and seen by a veritable army of people. When I’ve been CC or Adj at camps I look through the medical records of everyone just so I don’t get a surprise. You couldn’t have a secret medical condition if you wanted to do things, we saw the unfortunate consequence of that behaviour a few years ago and boy did we have to pay for that. The fact that someone sees it and talks about it is something that could happen, not ideal but could, but as I say if people have a condition that might mean they can’t do things, in my experience people pipe up. I would imagine if someone had ‘the clap’ then they might not want to be so open.
The word here is trust and are you in the right place if you can’t trust the people local to you.
I’ve probably handled information of several thousand cadets and staff (and mine likewise) over the years and never had any thoughts of using it for anything other than ATC purposes and I don’t know anyone else who has. Of course data protection is only really a problem for information held electronically. Back in the day, all the info was in a cabinet in (in the case of ATC) the OCs office and the offices of organisations everywhere. Maybe we need to rein in the electronic data storage and only keep the most basic information essential information and nothing else. But this wouldn’t happen as it would need infrastructure put in place and be inconvenient, but perhaps we need to be inconvenient for people. For instance do away with compulsory fields on forms. Imagine having to go into a bank / building society rather than sititng on the bog moving money around or buying things. BTW I don’t bank online.
Why do we need electronically stored DOB, addresses etc for cadets or staff, we never had them before and the Corps ran probably better than it does now. Don’t do it and data protection becomes a locked filing cabinet in an obscure building tucked out of the way in towns, which as I say worked for more years than it was before it was supposedly superceded by electronic methods. This really does add meaning to ‘need to know’.