Working Securely: USB Follow-up
The context
You may be aware of our recent insite communication about the requirement to control the use of USB data storage devices. This stems directly from the ICO audit in early 2020, which included stringent guidance on a range of issues. We have been working through these and consulting on technical solutions for many months.
As Warwick is one of the first UK universities to be audited in this way, we are strengthening security measures now that will be adopted progressively across our sector over time. The ICO's focus is firmly on Education, as seen in their recent audit of the DfE.
In order to demonstrate responsive action quickly, we first focused upon some of the easier areas to address; always mindful that some more complex and difficult challenges lay ahead – with a number of device security measures.
Consultation
We understand that the initial communication about USB usage has caused concerns and we note and acknowledge all the feedback received. In more ‘normal times’ it would have been productive to use the full range of meetings, workshops and 1:1 conversations to consult with all our communities - but with Covid remote working and reporting pressure from the ICO, it hasn’t been possible to do as much of this engagement as hoped. There has been a formal process through the University Information Management and Executive Committees (UIMEC and UIMC).
However, we are now in a consultation phase to identify and develop an exceptions process in agreed situations and circumstances where USBs and other specific device configurations will continue to be needed – primarily in academic research environments – subject to the ICO requirements. We will continue to publish further guidance and information over the coming weeks and work through the processes in a measured and considered way, department by department, as needed, to ensure we don’t make changes until we have workable solutions in place.
Supporting technology change
We have now produced a detailed set of FAQs on the context for our Device Security programme and specific changes to be aware of and understand. You and access these pages from here.
If you still have any concerns about these technology change processes, please contact the Helpdesk in first instance. Our Helpdesk staff are best equipped to triage questions and concerns to ensure they reach the correct team – and you get a timely response. We have also made two key new appointments to strengthen our approach:
Geraint Llewelyn is Director of Client Experience:
"I see it as my responsibility to work really closely with our colleagues across the University to clearly define what technology can do for us; to work successfully and securely and to help find a route forwards, even in the most complicated situations." Email: G dot J dot Llewelyn at warwick dot ac dot uk
James Alexander is Director of Digital Strategy & Transformation
"The newly formed Digital Strategy Group will be a key vehicle for our work, in bringing together technology and system managers from across the University to develop and administer a coherent, institution-wide digital strategy and roadmap for Warwick". Email: James dot Alexander dot 1 at warwick dot ac dot uk
Both roles have been created specifically to work across and with our community to deliver technology change programmes and make all engagement with IT as smooth as possible. Whilst change is inevitable – with tighter controls expected of organisations worldwide – both Directors will focus on finding common ground, understanding departments’ needs and objectives and helping to navigate any barriers.