I’m continuing to read the new Becta guidance documents on Information Security, and think about the consequences. After a few discussions with people, and comments from others here and elsewhere, I thought I’d try a to create a visual way of understanding where we are. This is by no means definitive, and it might be wrong. But it’s an attempt to simplify all of the guidance down to a simple picture of what is and isn’t allowed with the current guidance, and to highlight some of the things in the grey areas. Hopefully the further guidance we’re expecting to come will narrow down some of the grey areas.

Updated 19th September, with input from John from Bolton (see comments). The “reds” are growing!


My picture has three areas - “green” for good things; “red” for definitely bad things; and “grey” for those areas where it just isn’t yet clear. (Some of which are bound to turn “red”!)

Let’s make this a community thing – what else do you think is missing? What do you think is in the wrong place (according to your reading of the guidelines)?

Read my previous post “Information Security – more, but not yet enough, advice from Becta

For more about Information Security, take a look at all the related earlier articles