O4.1.1

=Integrity and validity of digital information is regularly monitored.=

Evidence
In addition to being reliable and failsafe, the technology infrastructure used to support e-learning should also ensure that, as much as possible, the information within systems is protected from corruption and loss. A technology plan considering aspects of information integrity can combine a strategic view of institutional e-learning directions with practical consideration of risks and the integration with other systems within the institution.

In a comprehensive review of the security of technology systems, Kvavik and Voloudakis (2003) discuss the complex issues involved in ‘preserving confidentiality; protecting information from unauthorized use or disclosure; assuring information’s integrity, including accuracy and completeness of the data, through protecting from unauthorized unanticipated, and unintentional modification; and, making data available to authorized users on a timely basis’ (p. 9). Their key findings identify two dimensions: security technologies and a security culture, which both involve institutional values and rules. Kvavik and Voloudakis elaborate on an institution’s position as originating in the following matters: ‘Perceptions about the risks…internal, external or both; the institution’s propensity to take on or accept risks; the resources an institution has to deploy, both financial and human; and, the institution’s priorities and culture reflecting where it feels it can effectively make changes’ (p. 10). They emphasise that without attending to the human aspects of security, technological solutions are ineffective. In concluding they consider that although loss-of-service damage and identity theft pose serious threats, the unintended mistakes of authorised users are often the most hazardous (p. 17).

Resources
Evidence of capability in this practice is seen in the use of a formally documented technology plan considering information integrity and reliability. This should include assessments of the security of information from intentional and unintentional loss, protection of privacy and student information, versioning and consistency with other systems such as student records or enrolments. Information provided by the institution, teaching staff and students should be included, as well as explicit consideration of copyright implications, including the rights of students, and the reporting required by licences. There should be policy and procedures in place to deal with potential failures or compromises. Standards and guidelines should be used to communicate which technologies have been proven reliable, and regular monitoring and reporting used to prove reliability and identify potential problems. Teaching staff are provided with templates, examples, training and support in maintaining course information to ensure its validity and reliability.

Stoll (2008) discusses how to ensure information security and the importance of establishing objectives and strategies surrounding information security and e-learning. The ISO/IEC 27001 standard directly addresses information security management.