Just use the general squadron email and enstruct people to put “BAND: blah blah” as the subject header.
Don’t really want it cluttered with the general squadron crap though, that’s the thing
There is a bit of nettiquette here
.org is intended for charities and not for profit organisations - the squadron isn’t one.
GDPR isn’t a problem if your Civcom has a policy and your OC isn’t leaned on.
I recommend avoiding the ATC offered sqn extentions as they enable all your email to be monitored by third parties and that is a GDPR breach!
I get your point, but what’s that got to do with general squadron stuff cluttering an inbox…
The role accounts are: OC. Adj. training. Snco. Chair. Secretary. Treasurer. , so apart from the general xxx@aircadets.org there aren’t any others at Sqn level.
I would seriously caution against using external email services, for security reasons more than GDPR.
far less about GDPR, or security HQAC will not like you having contact with Cadets via a email platform they don’t control.
emailing Cadets? make sure there is a @aircadets.org email address in the loop.
the easiest way is to send from one of those addresses, the alternative is to always copy one in (but that then fills up/clutters accounts you can’t/don’t want to use for whatever reason.
HQAC and the CoC will shout “Safeguarding” at those persons who don’t use @aircadets.org email addresses, it won’t matter what system it is, there is not “auditable” route to see email conversions should accusations be posed against someone.
as discussed here it wont matter how secure the system is you use, HQAC will sooner or later insist that emails that are not @aircadets.org are closed and shut down.
Lets see what changes some when we move from role-based accounts to personal accounts. It might be easier to assign role identities/aliases within a specific format.
I’ll still go with a gmail account . I know of very senior officers using private email address to send items out when bader is down . It’s a band. I mean we can’t even offer cadet.mail to Cadets it’s not the first time I’ve had to send information at last min to their own accounts
The number of arguments I’ve had that sending emails from the general account which anyone can access is less auditable than staff sending emails from their own accounts just astounds me. Can’t wait for everyone to have personal accounts like a real organisation!
can you explain this as I dont understand what you are saying…
I think the suggestion is that you cannot associate an email with an individual if we are using shared accounts.
This is true, but you will have a formal audit trail in the approved email system that records some details and will tie it down to an account and source, if not an actual person. The email trail will also be accessible to this organisation.
It’s easy to sign an email with someone else’s name, especially with a shared account where multiple people could feasibly use it.
i deny that - but not sure how that is relevant…
So our email policy is that we have to do all of our comms from an official account and that we can’t share them for security reasons. (So only the named Training Officer has the password for the Training Officer Account).
We are also told that all staff plus any number of Cadets should have Bader access (Sharepoint and SMS with limitations able to be put in by the OC).
But that means that absolutely everyone has access to the general account because they need that login to acces personal accounts, there is no control over who can read and send emails from that general account. Mine is managed by 1 CI but theoretically any of 14 Staff & 6 Cadet NCO’s have access and can send or read anything they like.
I still have no idea how we ended up with (or were allowed) the current system, as a shared username and password is anathema to anyone who knows even the slightest thing about IT security and regulation.
correct
also correct
also correct
yes - that is the case
i am not sure what your post has added here???
Undoubtedly money.
One general account for generic working by a large pool of people, linked to the 2-teir system used for access to cadet/staff records (SMS) for control purposes seems like a good balance between auditability, security and cost until the system is proven and adopted as a good way forward.
Remember; on initial launch there was an OC’s account and the general account only. Training and Adj were added later, then SNCO, civcom etc. and now the plan to move to personal accounts.
The notion that using GDPR regs to cut down risk, when the systems we have and the suggested usage of them creates far more risk, is pretty dumb.
We all know that HQAC read this board, even if they don’t post. So pointing out what might be the bleeding obvious to us is useful because, as most know/assume, those at HQAC haven’t been near running a sqn since Trenchard was a lad.
They want us to abide by the law? Give us a system that actually follows the law in the first place.
Forgive my ignorance (yet again) - we’ve decides to go with the snco.xxxx as nobody uses it. How do we set it up? I am clueless
Speak to your Wing’s Bader Officer. Usually Bader.wing