A while back staff were required to pass Protecting Data Level 1 to access Bader. Obviously “Protecting Data” exams have now gone.
We have Responsible for Information - General User available on ultilearn.
Can anyone point me to documentation that states what, if any, requirements now exist in order to access bader.
Badger sysops make no reference to training or requirements.
Unfortunately a lost of people still call it “protecting information”. Protecting information became obsolete when the security classification system changed. I did my first Responsible for Information test in 2015.
Once upon a time we had to renew this annualy but I am sure that has been dropped. I would like to see the document that mandates us (all staff, staff cadets etc…) to do this course. Can anyone point me at it?
Interesting, because the BADER team are very keen to tell everyone that BADER is accredited and WESTMINSTER is not, but RFI is very strictly enforced on WESTMINSTER and if you go out of date (yes, it’s one year) your account is locked.
It is an MOD requirement for you to do it if you have access to any personal data - which of course you do on SMS.
But you have access to information other than via electronic systems, which makes it pointless. Schools have much more detailed information about children than we ever do or would and when I asked teachers about this they don’t do it.
If you have access to things like bank account details and NI numbers, I can understand it, but we don’t.
It would be interesting to know what other groups / organisations do and I’m not speaking just youth and take our lead from them, rather than trying to be supposedly ‘better’, because a bunch of MoD paper shufflers get a bug up their backsides. Just because we tick a box, it doesn’t improve or increase activity delivery.
These things like this are fine if it’s your day job you are sent on a course or given the time to do it.
Farriersaxe - depends on your school but weaknesses often include:
poor control of data download and storage outside SIMS - teacher makes own spreadsheet, for example
failure to securely delete printouts e.g. ‘trip packs’ taken off site
poor control of access levels (‘need to know’) so confidential data is visible to all users regardless of need
lack of informed consent for all uses the data is put to - collecting data for one purpose and using it for another