Thursday 13 October 2011

Do I trust you with my most precious asset?

Getting security into the mindset of others and helping them to appreciate the benefits that security provides from the outset can be difficult. As you may already have seen, I do like to use analogies to put security into the context of a subject that others are familiar with. For service providers and outsourcers, a useful example is to look at potential customers as parents who are choosing a school for their child. Having been through this process recently myself, I've been able to draw some useful comparisons with similar examples in business.

For parents choosing a school for their child, particularly the first school for their first child, this can be quite a daunting experience. Your child is your most valuable asset and for the most part you have been their primary influence, responsible for defining every facet of their existence and for making every choice in their life. You have had complete visibility of everything they do and how each experience has made them the person they are today. The time has come, however, to entrust part of that responsibility to someone else: someone you don't know, and of whom you have little visibility as to how well they will continue the work that you have started. You can read reports from Ofsted (the schools inspector), which will set out how well the school is performing against others in the area, and you can look back into the history of the school, its performance and the exam results it has produced. You may speak to parents of children already in the school to see what they think of it, or perhaps listen to rumours and stories in the local consciousness about the school.

There is certainly a lot of information around to help parents make a judgement on a school for their child, but the key element for many is the point when they get to visit the school and meet the head teacher. Until this point, the information gleaned has either been based on empirical results or on second-hand information from others. Seeing the environment for yourself and meeting the head teacher, and most likely other members of staff, will be the first opportunity to form your own opinions and ask your own questions. For many, this may be the differentiator and the biggest factor in how you make your decision. The figures will show how good the results are, but parents still want to know how their child will be engaged with and treated during their time at the school, and will also want to know that they will be protected from harm and from any risks their children may face during their time there. Parents also have varying preferences for reporting and information. Some will be happy to entrust their child to the school with complete faith and rely only on report cards and parent-teacher meetings for feedback. Other parents will want to know the minutiae of how each lesson is taught. Much of the assurance parents are going to get from this meeting is confidence in the school and the staff to keep their child safe and secure in an environment outside of the parents' control. Only if the information provided in these meetings is to the satisfaction of the parents will they make the decision to entrust their child to the school.

This is very similar to businesses outsourcing elements of their IT or moving to a managed service. At a time when many companies are feeling the pinch from the economic downturn, they may be turning to outsourcing to save costs, and for many this may either be their first time or be the most significant move to entrust their data to another organisation. Without anywhere near as much information and visibility of prospective providers as they have of their own company, they will seek to gain as much information and assurance as possible. Analysis of the providers' performance and capabilities will give potential customers a good baseline for a shortlist. The really valuable information to differentiate a service provider from its competitors will come from the detailed and specific information that is exchanged throughout the bid process. Assurances that the supplier can deliver the required solution to the required standards will be a key measure, along with the cost-effectiveness of the work. Customers also want assurances which may not be as easily set in stone as the technical design and cost. Making sure that their data is available when they need it will be defined within SLAs and recovery objectives, but how can they be sure that the measures that make their information so highly available to them and their customers won't also make it available to unauthorised parties?

Security assurance can often be given in terms of certifications or accreditations held and the results of audits conducted. A visit to a service provider's facility will give customers peace of mind that the physical security controls are sufficient to protect their data, as well as the required environmental and power resilience controls. Customers will bring their own security people to talk to the service provider, and whilst the IT people are discussing how many megabits per second they need to transmit their data, how many gigabytes of RAM to process it and how many terabytes of disk space to store it, the security people will want to make sure that the data is being transmitted, processed and stored in an appropriate manner, with controls that suitably mitigate the risk. The security people need to give assurances to their business that the data they entrust to the service provider is safe and properly protected from threats. This can be a make-or-break factor in any deal and will often require more than just assurances of compliance with mandated regulatory standards. The security person that the service provider includes in that meeting needs to be able to give the customer the assurance they need that their data will be in safe hands and will be treated with the same care and consideration as if they had maintained it in-house.

Security built into a solution from the start is therefore more than just a technical design consideration: it requires a full risk-focussed assurance role to give potential customers the confidence they need that not only their service but also their data will be safe in the service provider's hands.

Photo: Arvind Balaraman
