Helping people online where they seek help (draft)

 

Access to the Internet at work for public servants

Public sector workers cannot be expected to be up to date with or exploit the power of information to transform public services if they cannot access the internet at work.  The Taskforce viewed a report of survey work done for the Minister for Digital Engagement on access to social media sites in Summer 2008. This showed that large numbers of public sector workers have access to mainstream social media websites blocked, a finding confirmed by a recent informal survey. The report noted that Departments had different needs and capabilities and said:

‘..while similar criteria are considered, it is clear that departments are coming to different conclusions on access, suggesting they are taking different views of the degree of risk or benefit associated with these types of site. While most departments clearly feel that blocking access is necessary to some degree, they also emphasise that their ‘appropriate use’ policies or codes of conduct have a key role in governing individual behaviour in this area.

‘Most policies include a provision for allowing exceptional access to specific sites for individuals that can make a strong case on the basis of business need. In some cases where use is typically blocked or restricted, non-networked PCs are made available for staff to access social media or webmail sites.

‘Several departments noted that they are currently or will soon review their policy in this area, with some noting that they see the need for more help and guidance for staff beyond that available in the published guidelines for Civil Servants on online participation. Policy ownership resides in the majority of cases with IT (with input from HR, Finance, Communications), though in a few cases the reverse applies.

4 departments allow access to all of the sites above as standard across their network.

12 department block access to all of them as standard across their network (but several note they will make case-by-case exceptions).

14 departments allow access to some; block access to others’

In the modern world public servants need internet access to do their jobs, in particular to keep up with changing citizen customer behaviours. The Taskforce is concerned that access to narrowly defined ‘whitelists’ of acceptable websites can act to inhibit innovation. New systems, such as the Cabinet Office Flex system offers a secure browsing environment within which whitelist controls can be rolled back to a minimum.

The Taskforce recognises that there are tensions between: the ever changing IT security threat profile, a need to have room to innovate, different HR policies required for different types of organisation and the constantly changing opportunities offered by new web services.  One of the biggest challenges is keeping policies in this area up to date and synchronised across an estate as large as the public sector. In order to manage the risks of internet access HR staff and the security authorities need to be in close contact with those who can articulate the benefits.

The Cabinet Office is leading work to examine the issues in this area, which the Taskforce supports.  The least burdensome outcome would be a simple common internet access policy fit for the modern era and capable of evolving to cover as many public sector workers as possible.  Given the widely differing operational environments of public sector workers (from intelligence analysts to nurses to contact centre workers) this may have to be a small but coherent family of policies.

The Cabinet Office should investigate the issues with staff involved in setting access rules and issue internal guidance. Where necessary Departments should work with CESG to accredit and deploy secure web browsing technology (already being used in Flex) which would allow a full range of sites to be viewed at full functionality while protecting Government’s own systems against the introduction of malware

Recommendation

Public servants will require adequate internet access to take part in social media as part of their job.  The Cabinet Office should work with staff involved in setting access rules and issue guidance.



RSS feed of comments 11 Responses to “Access to the Internet at work for public servants”

  1. I think there’s an opportunity here to raise the question of access using appropriate technology. Specifically, I’m thinking of the numbers of departments whose staff are using outdated and unsupported browser software – many are stuck with Internet Explorer v6, and a few IE5.5.

    We can’t expect people to appreciate, for example, the usability benefits of Ajax technology if they can’t see it themselves.

    The familiar excuse is that some in-house applications were designed for IE6, and won’t work with anything else. That makes me question the applications more than the browser.

  2. Simon Whitehouse says:

    A lot of social media/social networking blurs the line between the personal and the private. They are tools that can be used, by the same person and at the same time, to communicate both with friends and also to discuss issues with a wide range of people interested in a common area of work. Blocking the technology hinders the public servant and can create a barrier between them and the public.
    You identify the management of risks in the HR and technical areas and I think that is right to do. But there is also the perceived reputational risk to organisations from letting loose an army of public sector bloggers, Tweeters and forum contributors. Most public orgs have communications departments used to tightly controlling the messages that go out from them. There will be conflicts with people in these areas and they should also be in touch with those who can articulate the benefits of engaging in social media to them.

  3. Agree with Simon D that browsers need to be part of this. Would add that the new rules need to allow for keeping up with the rapid pace of change.

  4. Ian Cuddy says:

    We’ve surveyed around 500 local government employees on their use of social networking sites in the workplace and their council internet policies and would be happy to share the results. Policies and web filtering technology are much easier to put in place than addressing cultural change but do nothing to encourage a culture of trust and personal responsibility. The message needs to be positive: ‘You can use the internet for anything in work if it helps with the job and outside of worktime for personal use. It’s up to you to be sensible and to be able to prove reason for use if required.’

  5. Noel says:

    Trust is at the heart of this issue, there is always risk in engaging with new people or tools – nothing is 100% perfect in terms of security. For me, it’s the equivalent of saying that you can only talk to British Gas or Greenpeace to find out how people are reducing energy consumption in their community, because they are trusted organisations, but you can’t talk to a local community group who are organising themselves to share recycling, because they’re new…

  6. Steph Gray says:

    This is critically important, and the recommendation could be stronger, in my view. I would like to see formal cross-government guidance issued and implementation mandated via the CIO Council. Consideration for access to these sites should be part of shared services agreements for IT provision.

    As a counterpart to this, Departments should be required to draw up acceptable usage policies if they do not have them already, and to ensure staff have a reasonable opportunity to familiarise themselves with it.

  7. Agree with Simon’s point about ‘no department left behind’ and Steph’s recommendation. I’d also like the Taskforce to take into account remote and mobile access.

  8. Jeremy Gould says:

    Agree with Steph – this is absolutely crucial and the recommendation needs to be *significantly* stronger – mandating alternative routes to access. Without access inside Whitehall, none of the other stuff is possible.

  9. Phil McAllister says:

    I agree wholeheartedly with Steph about the criticality of this issue. In fact, I feel that this could be the ball game.

    If we can’t access the Internet on an equal footing to the people we are trying to engage with, then the rest of this report may be a moot point.

    New Media professionals, like any other professional, need the right tools to do the job. In deciding what those tools are and what policies should be applied, we should take an equal footing to IT and HR departments.

  10. N0el says:

    Agree with the comments above – I think that this shouldn’t be restricted to new media professionals, it should be available as a minimum to all staff working on engaging & communicating with the public. Where new media ppl can play a role is acting as digital mentors & sharing the learning across the organisation.

  11. Andrew Lewin says:

    I’m still startled by how many government departments routinely block forums and social media/networking sites. It surelycomes from managemenbt distrust of their own staff, that given access to such things then the staff are going to “waste” all day on them. As a result, they get their IT departments to impose blocks. But really, that’s just lazy management – if you can’t oversee your staff properly then you have bigger institutional problems. I think it’s less of a technical issue than one of management and organisational culture on trusting your staff.

    In some cases, there is also a “safety first” fear in IT departments – that the best way of stopping misuse, viruses etc. is not to allow ANYTHING. In some cases it’s not unfounded: the GSI, for example, will not allow any form of web email because of the concern of attachments being opened and infecting the base PC.