Portfolio of Evidence Lauren Middlemist Official Version PDF
Document Details
Uploaded by Deleted User
King's College London
2024
Lauren Middlemist
Tags
Summary
This document is a portfolio showcasing Lauren Middlemist's work experience at King's College London, focusing on digital technologies, and information security, including her use of Microsoft 365 and SharePoint for communication and collaboration. She demonstrates initiative in problem-solving and highlights the benefits of using digital tools with a focus on data handling.
Full Transcript
**Showcase Portfolio** **9703-12** **Lauren Middlemist** **19/09/2024** **Enrolment Number: JBF4271** {#section.TOCHeading} Table of Contents {#table-of-contents.TOCHeading} ================= [Portfolio Theme 1: Digital technologies 3](#portfolio-theme-1-digital-technologies) [Portfolio The...
**Showcase Portfolio** **9703-12** **Lauren Middlemist** **19/09/2024** **Enrolment Number: JBF4271** {#section.TOCHeading} Table of Contents {#table-of-contents.TOCHeading} ================= [Portfolio Theme 1: Digital technologies 3](#portfolio-theme-1-digital-technologies) [Portfolio Theme 2: Digital and information security 8](#portfolio-theme-2-digital-and-information-security) [Portfolio Theme 3: Digital information management systems 20](#portfolio-theme-3-digital-information-management-systems) [Portfolio Theme 4: Communication 36](#portfolio-theme-4-communication) [Portfolio Theme 5: Digital learning. 42](#portfolio-theme-5-digital-learning) [Portfolio Theme 6: Continuous Improvement. 48](#portfolio-theme-6-continuous-improvement) [Portfolio Theme 7: Teamwork 51](#portfolio-theme-7-teamwork) [Portfolio Theme 8: Application Skills Support 55](#portfolio-theme-8-application-skills-support) Portfolio Theme 1: Digital technologies ======================================= **Explains their approach to using digital office automation technologies using their initiative to get the job done.** Without the use of digital office automation technologies, King's Service Centre would not be able to provide high-level, efficient services to King's college London, especially due to the long distance between the centre and the university. There are vast majority of services that the service centre provides to King's College London including my team, IT Assurance. I handle the data protection and governance aspects of the university, I heavily rely on Microsoft 365 applications such as Outlook, Teams, SharePoint, and Excel. These tools enable real-time communication and collaboration with stakeholders from any device with an internet connection. ![](media/image2.png) **Figure 1:** IT Assurance induction email template. Outlook is used as the main emailing tool at Kings Service Centre, used by employees internally and externally to communicate with students and staff, as well as to exchange emails between departments at Kings Service Centre and King's College London. The example in Figure 1 demonstrates an email I had to send to colleagues, who are joining or moving to Kings IT. The email was to offer an IT Assurance induction session. For this, I created a new email, addressed it to the relevant personnel, and inserted the standard induction template, including the purpose, dates and duration. The reason why our team uses an email template to send out inductions is because it helps to maintain brand consistency. It guarantees that each induction, no matter who sends it upholds the same level of professionalism and delivers accurate information. In addition, this approach saved me time as when sending these emails, there is no need to rewrite them. However, when doing this, I reviewed and updated the template. Adjusting the greeting based on the time of day and modifying the scheduled induction dates as dates will change throughout the year. When signing off emails in Outlook, it's mandatory to sign off using the King's email signature as shown in Figure 1. It includes my name, role, university name, department, ITA's SharePoint site, social medias, and image of choice. This signature template is automated, it's saved as a canned response, and I use it across all my emails. It's beneficial because it automates the process of adding contact details in emails avoiding rewriting and saves times. Additionally, it effortlessly helps reinforce brand identity. **Figure 2:** IT Assurance runbook SharePoint site. SharePoint serves as a collaborative tool at King's, allowing different teams to share and store team-specific information. It can also be used to share content organisation wide; this includes team introductory pages or FAQs on topics like Cyber Essentials. The way I operate on SharePoint is to create and share a set of runbooks, which are presented in Figure 2 and 3, and these are exclusive to my team. They serve as a guide for executing processes that are needed, to complete different service requests in Helix (King's new ticket system). These runbooks were created to ensure that all members of the IT Assurance team are familiar with the correct processes in place and are consistent with resolving them. They guarantee consistency in knowledge, helping my team maintain high-quality service. ![](media/image4.png) **Figure 3**: Data storage advice runbook Figure 3 demonstrates a runbook I have created as part of my role at King's, which highlights the data storage advice we give out as part of our team. Colleagues in my team can utilise this runbook to assist researchers or dissertation students to store their sensitive or personal identifiable datasets in the most appropriate storage solution. Additionally, these runbooks include resources and screenshots to assist colleagues in ensuring that responses in ticket's comprehensively address the end-users needs, leaving no gaps in knowledge. It is important that the best data storage solution is provided to the user, as doing this helps limits data breaches and unauthorised access to sensitive or personal data, Also, ensuring compliance with the data protection regulations and standards. Contributing and helping others to achieve this level of security was a significant accomplishment to me. **Figure 4:** Third-Party Compliance and Information Security Questionnaire on Excel. Figure 4 shows an Excel spreadsheet with the questions provided by the third-party partner. Once received, I downloaded a copy of the questionnaire into my own files to manage the information, this version was also used by different teams, who handled the different questions. On the questionnaire there were questions about university policy, which was highly relevant to my role, I wrote in my answer in the box across from the question and inserted a link to policy, which the partner can use to help reinforce the university IT security. Moreover, as mentioned, the questions I was unable to answer, I escalated them to the relevant teams in Helix, it was escalated to each team one at a time. Before sending it via Helix, I highlighted the questions each team needed to answer to ensure clarity and streamline communication. Furthermore, once the questionnaire was completed, in an email I attached the edited Excel questionnaire and sent it off to the third-party partner. ![](media/image6.png) **Figure 5:** User requesting a Team's call. **Figure 6:** Accepting the Team's call and setting up a time and date. Figure 5 and 6 exhibits where I have used my own initiative in the workplace. In this example, a user who wanted to retrieve files from a deceased staff member decided to conduct a Team's call to better explain the difficult situation at hand. Changing communication methods proved to be more efficient in addressing the issue compared to exchanging multiple emails back and forth. However, the user's account in question had already gone through the decommissioning process and the files were unlikely recoverable. The user wanted a call to explain the importance of these files and to evaluate every solution I could propose to help find the deleted files. I agreed to these terms, even though this isn't usual procedure as after 90 day's a user is no longer at King's, accounts are deleted, and files cannot be retrieved but I made an exemption to the rules because I recognised the importance of the situation and wanted to deliver an empathetic and effective solution. This example demonstrates both self-motivation and responsibility. By taking my own initiative I have proactively found solutions, effectively used available resources, and took responsibility for my tasks. In addition, as the files had already gone through the decommissioning process, this task needed to be prioritised to reduce any further delays. The call had fast-tracked the process, which contributed to my self-motivation in completing this task as it gave me a sense of accomplishment. **Evaluates the use of digital office automation technologies in my organisation.** In summary, using digital office automation technologies, specifically using Microsoft 365 products to automate role-based tasks is extremely beneficial. This is because these tools streamline tasks such as email management, scheduling meetings, and communication to stakeholders. Using them allows more free time to focus on more urgent tasks. This improves efficiency to complete tasks, which contributes to the overall success of the organisation. In addition, these products such as SharePoint help facilities seamless collaboration among colleagues like document sharing, helping me and teams within the organisation to effectively collaborate towards shared objectives. Also, these tools helped maintain brand consistency across the organisation as templates can be used for emails to ensure that communication is unified, accurate and professional. However, these tools have disadvantages, as they require regular maintenance and management, including continuous software updates, system patches and continuous improvements. These tasks could potentially lead to operational disruptions, making it difficult to maintain system stability and user experience, whilst also diverting time from other important tasks. They can also be costly for organisations. Overall, the advantages outweigh the disadvantages, primarily because the use of digital automation technologies ensures organisations can carry out needed operations effectively. Portfolio Theme 2: Digital and information security =================================================== SharePoint is a cloud-based data management system hosted and managed by Microsoft. It is a platform that stores documents/data, including back-ups. It also facilitates shared access, interaction, and collaboration of documents within organisations. In addition, it offers well equipped layers of security and encryption, reducing the burden on organisations to manage these themselves. It also includes Multi-Factor Authentication (MFA) to ensure only authorised user have access. Overall, the points described above reinforce force why SharePoint makes an ideal platform for maintaining digital and information security. ![A screenshot of a computer Description automatically generated](media/image8.png) **Figure 7:** SharePoint library. At King's SharePoint is used to provide back-ups of King's shared data including sensitive or personal identifiable data. This data is usually in the form of documents and images as shown in Figure 7. Microsoft handles data back-ups by replicating data across multiple servers in their off-site cloud data centres. Back-ups of data are significantly important because they ensure data loss prevention for Kings. They defend King's against data loss caused by a data breach by offering redundancy through multiple-offsite backups provided by SharePoint. In the event of a data breach, SharePoint ensures that critical data remains accessible and protected. This is vital for business continuity and disaster recovering, as these back-ups allow Kings to restore data and maintain use of critical systems, minimising any downtime. At Kings, Rubrik and Azure are used to back up SharePoint data, providing another back-up of the back-up, boosting redundancy. Both Rubrik and Azure provide cloud-based back-up solutions. For backing up Kings data they follow a back-up standard as displayed in Figure 8. The back-up standard is there to ensure that back-ups are carried out effectively and efficiently. For this, a ticket gets sent out to Rubrik or Azure to confirm that the data has been fully backup, and the data is up to date. The reason why this is done is because if there is a disaster that caused a data loss, the organisation will need to use those back-ups to recover the lost data and ensure redundancy. A screenshot of a computer Description automatically generated **Figure 8:** King's College London, Back-up standard. Back-ups that are performed in Azure and Rubrik use different back-up rotations like full, incremental, and differential. Figure 9 demonstrates the data selected for each type of backup rotation. Type Data selection -------------- ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Full It saves and provides a complete copy of the data in a system at that point of time. (Back-ups everything in the system). Incremental Captures and back-ups the changes to data made since the last backup. If the last incremental backup was on Monday, an incremental backup on Wednesday would include only the changes made from Monday to Wednesday, not the changes since the last full backup. (New data is not included in this backup, only modifications to existing files are backed up. Differential Captures and saves all the data that has changed since the last full backup. It includes all the new or modified data since the last full backup. **Figure 9:** Types of back-up rotations. However, an organisation like King's should also have local, off-line back-up solution, as online solutions can be susceptible to malicious attacks like malware or can experience downtime due to power outages. These local back-ups serve as an additional layer of protection of data, ensuring that important data remains accessible even in a disruptive event. An alternative back-up to cloud storage solutions such as SharePoint, Rubrik and Azure is RAID. RAID utilises hot swappable disks, which are disks that can be inserted and removed from the computer system without the need to shut down or restart the computer system. This enables easy replacement or addition of storage devices without interrupting system operations. RAID uses a computers software to create and manage RAID set ups. There are different types of RAID levels or set ups, comprising of just a bunch of disks (JBOD) with spanning, stripping, and mirroring. Stripping and mirroring contain parity. Parity is information that is stored across multiple disks for error checking, it provides fault tolerance to RAID levels that have it. Figure 10 shows the how RAID works. ![](media/image10.png) **Figure 10:** Multilevel configuration type for disks for RAID. A screenshot of a computer Description automatically generated **Figure 11:** IT Acceptable Use Policy, section 2.1 and 2.2. Figure 11 demonstrates the IT Acceptable Use Policy at King's College London. The IT Acceptable Use Policy outlines the acceptable or unacceptable actions regarding the use of systems and data within the organisation. In this Figure, section 2.1 and 2.2 are highlighted, these set out the procedures that need to be carried out for King's staff, to access and use King's systems like SharePoint. ![](media/image12.png) **Figure 12:** Staff training modules. To maintain data security on King's systems, all staff must complete the Data Protection and Information Security module as illustrated in Figure 12. This training helps staff understand their responsibilities and best practices for managing data including sensitive. It also makes them aware of the risks of not working securely, such as data breaches and data loss, which can lead to reputational damage to the business as well as individuals, result in fines or jail time. These points make training essential for all staff and so, King's impose mandatory data protection and information security training upon induction and refresher courses annually. Without completion of this mandatory training staff are at risk of losing access to King's systems or won't be allowed access in the first place, this is because the IT Acceptable Use Policy has been breached without the training. Figure 13 exhibits, King's Data Protection Policy, which also incorporates the GDPR, reiterating sections and articles of the Data Protection Act and GDPR. It explains how King's will ensure compliance with both legislations to protect personal data and manage incidents effectively. A screenshot of a computer Description automatically generated **Figure 13:** The Data Protection Policy. When storing sensitive or personal data within Sharepoint at King's, which is protected under the act, the platform ensures compliance by implementing encryption, access controls and back-ups. SharePoint utilises encryption to secure data storage and transmission. Encryption is organised data in an unreadable format, so if unauthorised individuals tried to gain access, they could not read the contents without a key. By using encryption, SharePoint safeguards the confidentiality and integrity of the stored data. Furthermore, encryption provides an extra layer of security to data by protecting it against data breaches, further helping kings comply with the act's standards. Also, SharePoint provides an access control mechanism, which helps ensure confidentiality of personal data because only authorised individuals will have access to data relevant to them, thereby minimising the risk of unauthorised access and maintaining compliance with the act's standards. SharePoint complies with this act as it provides an area to back-up data for shared documents as referred in Figure 7, which demonstrates compliance to the Data Protection Act. **Information Security Principles** Figure 14 demonstrates the information security principles that provide a framework for safeguarding information and maintaining a secure and reliable environment for computer systems and data. Together these principles help organisations such as Kings against several risks such as data breaches, cyber-attacks, and hardware failures, each of which can result in data loss. Preventing data is critical to information security. When engaging in activities such as transferring, storing, using, and communicating information within SharePoint, it is a must to ensure I am doing so in alignment with information security principles. Adhering to these principles safeguards sensitive data, mitigates data breaches or loss and ensures compliance with regulations such as General Data Protection Regulation (2018), Data Protection Act (2018), IT Acceptable Use Policy and other policy. As shown in Figure 7, the SharePoint library, it has tools and features such as access controls, details sharing capabilities search, upload, alerts and more. Here, online versions of applications such as Word, PowerPoint or Excel can be created, edited, and shared and can also be downloaded to be used offline. ![](media/image14.png) **Figure 15:** Information transfer (moving files/information). **Figure 16:** Transfer/import of information. ![](media/image16.png) **Figure 17:** Information transfer to library. These figures demonstrate the availability of information within SharePoint. These files that have transferred within the library can be accessed through an internet browser, from anywhere by a device with an internet connection. Which is especially useful for remote working or collaboration of files for teams (no need for the same document to be saved on multiple hard drives, access and edit file in one place). **Figure 18:** Deletion (deletion of files/information) Deleting files containing personal or sensitive data in SharePoint contributes to data integrity because it eliminates unnecessary or outdated information, thereby minimising the potential risk of confusion of myself and others who have access to this library and continued use of old, outdated information. This practice ensures that the remaining data within the library remains accurate, relevant, and reliable for me and users within the library. ![](media/image18.png) **Figure 19** Storage (saving files/information) **Figure 20:** Usage (using files/information). ![](media/image20.png) **Figure 21:** Communications (communicating the content files/information). **Evaluates the application of security measures to mitigate and protect data integrity, during transfer, storage and sharing.** In summary, SharePoint provides robust security measures to ensure data integrity during the transfer, storage and sharing of data. It protects sensitive or personal information from unauthorised individuals, data breach or loss through access controls, encryption and data redundancy. Access controls are beneficial because owners of sensitive or personal datasets on SharePoint can have control over who has access to this data, ensuring only authorised individuals can view or modify data, contributing to data integrity. In addition, SharePoint encrypts it data during transfer and storage, making it unreadable if unauthorised individuals tried to access it, again boosting data integrity. Also, SharePoint provides data redundancy as it holds a trust-worthy back-up of data from another source, which reduces the risk of data loss after a malicious attack, therefore maintaining data integrity. However, for these measures to be robust and be in effect, SharePoint requires maintenance such as updates, system patches and continuous improvements to ensure ongoing security and integrity of data stored within SharePoint. This maintenance will demand resources and time from administrators to deal with it, which may lead to system downtime and if a data loss occurred during this downtime, there may not be a reliable source of data for that period, potentially compromising data integrity. Also, upkeep can introduce human error, updates or patches may not be done correctly, potentially leading to vulnerabilities in the system, which can be exploited by attackers, therefore compromising data integrity. Portfolio Theme 3: Digital Information Management systems ========================================================= A helpdesk system is a service management tool that is designed to streamline and enhance efficiency of handling end-user queries, issues and service requests. It enables users to create, track, manage and support requests. Helpdesk systems are used as the primary point of contact for many departments within an organisation and these requests can come from internal stakeholders such as between departments or external stakeholders such as third-party partners. One key feature of a helpdesk is a ticketing system. Each ticket contains details such as such as customer contact details, description of the request/issue, priority level and any additional notes of the requests. In addition, the primary helpdesk is used by internal employees, however there is a self-service portal, which customers can use to submit requests. IT departments often rely on help desk systems to help stay organised by keeping track of requests in one place, ensuring that nothing gets overlooked whilst also ensuring streamlined teamwork and communication. The example helpdesk below is Freshdesk, which is a simulation version of a helpdesk I created, and not the platform I use in the workplace. The reason why I used a simulated environment was to allow myself to practice help desk features and functionalities. **Accessing and maintaining stakeholder information** **Adding a customer service channel** On Freshdesk, a customer service channel needs to be added. In Figure 22, the primary customer service channel is email. This means once a user sends in an email through the self-service portal it will be generated as a ticket, which will contain all the details of the request. **Figure 22:** Setting up my email channel. Figure 22 demonstrates where I located the option to link the support channel to the helpdesk. As the primary customer service channel is email, I located 'channels' in the admin settings and selected the email option. ![](media/image22.png) **Figure 23:** Linking the support channel. In Figure 23, to link the teams email channel to the helpdesk, I added the name of the channel and added the email ID (also known as the support email address) for the team. For the help desk, I have decided that all customer service requests will be forwarded to a single mail address. Also in this Figure, I assigned the channel to an assigned group, any tickets deemed as customer support will be sent to the support agents ticket queue. In addition, I changed the support email address to my own company one instead of using the one Freshdesk provided, this is beneficial because it reflects the current contact details of the company (customers may be familiar with this email address) and it aligns with the company's branding. Also, in the email ID I added the brand name, which helps make the email more indefinable to customers. **Accessing and adding in the support team** **Figure 24:** Finding agents in admin setting. Figure 24 demonstrates where I located the option to add team members to the help desk. To do this, I went into admin settings and selected agents' option. ![](media/image24.png) **Figure 25:** Adding new agents. To add a new agent, I selected the 'new agent' button at the top of the right-hand screen. A screenshot of a computer Description automatically generated **Figure 26:** Filling in the details of my agents. As shown in Figure 26, to add a new agent, I filled the agent's details into the different categories, this process ensures that all the necessary information is accurately added and up to date, allowing for competent management of the agents. Any time details change of an agent, it can be updated using the process in Figure 26. I have selected 4 support technicians to manage the service requests on the ticket helpdesk, so I completed this action four times. ![](media/image26.png) **Figure 27:** View of all the team members. Figure 27 displays all the agents in the helpdesk settings. In the Figure, there is also an administrator, who manages the system configuration and supervises the support operations. The administrator has higher access levels, they have access to advanced settings to deal with administrative tasks such as customising workflow or security, which others such as agents won't have access too. The reason why an administrator would have this level of access compared to agents is to ensure efficient management and secure operation of the system. Furthermore, all agents involved have all the same access levels and permissions because there is only one team using the whole help desk. If changes need to be added to access levels and permissions needed to be added, an administrator can easily access these settings. **Figure 28:** Helpdesk ticket queue Figure 28 displays all the tickets in the support teams' queue. In the queue, agents can see an overview of tickets, which includes the ticket description (shown in bold), the end-user's name, SLA descriptions (such as new, first response/response due, overdue), how it was created, priority and status (opened or closed). Agents can use this customer information to quickly understand the request at hand, helping them determine the next steps to take for effectively addressing the ticket. ![](media/image28.png) **Figure 29:** Responding to a ticket. Figure 29 shows a support agent dealing with a ticket request, to do this the agent opens the ticket and selects 'Reply' and assists the customer, in the form of an email. Once the ticket has been opened, the agents gain access to additional details such as the specifics of the request, any added notes and customer contact information such as their phone and email address. Agents can review all this information before responding to get the bigger picture of the situation, allowing them to address the tickets appropriately. Throughout the course of ticket, information such as status and priority can be updated to ensure the most current details are utilised. **Figure 30:** Closing a ticket. Figure 30 shows how an agent closes a ticket; the process is simple. In the top left, the button for 'Close' will successfully close the ticket. This action is essential to avoid leaving completed tickets in the queue, which can impact SLAs (SLA will be breached). As well as it helps keep queues organised and ensures ongoing tickets are not being missed. Closing tickets ensures queues remain up-to-date and are effectively managed. ![](media/image30.png) **Figure 31: Adjusting the status of a ticket.** Figure 31 displays' open and closed tickets, with closed tickets shaded in grey. This display helps agents manage information by providing a clear view of tickets statuses. If an agent had accidentally closed a ticket and didn't know, being able to see both open and close tickets, gives the agent the chance to reopen that ticket and ensure that they don't lose access to that ticket. **The contribution of helpdesk systems to the organisations performance and customer service.** Service level agreements (SLAs) ensure that helpdesk systems improve organisational performance and customer service by setting clear expectations for response and resolution times. This enhances the efficiency of handling tickets, leading to higher customer satisfaction and service standards. SLAs play a vital role in addressing high priority requests as they ensure teams prioritise resources and efforts to them, ensuring swift and effective resolutions to urgent customer requests. **Defining SLA polices.** **Figure 32:** Setting up SLAS for the helpdesk. Figure 32 demonstrates where I located the option to create an SLA policy for the help desk. To do this, I went into admin settings and typed in 'SLA' in the search bar and selected the SLA policies option. ![](media/image32.png) **Figure 33:** Creating SLA targets. Figure 33 shows the SLA policy that was created for the helpdesk. An SLA policy is an agreement between a service provider and a customer that sets out the level of service that will be provided to the customer, it includes first response times and resolutions times on each ticket. Times will depend on the priority of the request (if these have breached, the SLA has run out). It also includes the hours the SLA is in effect, either business or operational. In this example, all requests are handled in business hours and the SLA will not be in effect in non-working hours. This is useful because it helps organisations ensure that SLA targets are manageable for agents (agents will not be working on requests outside business hours) without compromising the organisation performance in resolving tickets. **Figure 34:** Setting up business hours. In Figure 34 displays the configuration of business hours for the help desk. This setup ensures that the SLAs can accurately determine when to pause, such as during weekends, which helps manages expectations and ensures timely service delivery. ![](media/image34.png) **Figure 35:** Collecting help desk usage insights. Figure 35 displays a feedback form I created, that will be sent to customers after the ticket has been marked as 'Resolved'. This feedback form was created in admin settings and in the customer satisfaction option. The aim of this is to get insights of how customers feel about the support desk's services. The form helps ensure that customer needs are being met and that requests are addressed effectively. Overall enhancing the customer experience. **Describes how I operate digital information systems.** **Example 1: Management system: MIM** The management system that I use at Kings as part of my role as an IT Assurance Officer Apprentice is MIM (Microsoft Identity Manger). MIM serves as an access and identity management system within the organisation. It helps Kings manage and secure access for its users, including affiliates, students, and third-party partners. The main reason I use MIM at King's, is to place certain accounts on "do not cull" for account preservation requests for HR, Directorate, or Heads of Departments, which can be shown between Figure 36 and Figure 40. These requests come through Helix. This process avoids removal and deletion of accounts during processes like account clean up. At Kings, when a user has left, their account would usually be deprovisioned upon the last day and deleted after 90 days. However, in cases, of ongoing HR or legal proceedings, the account may need to be preserved for future access. Additionally, accounts can be marked as "do not cull" if another user needs to access some information such as emails or files from another user's account for a later time. I have displayed this example between Figure 36 and Figure 40. This "do not cull" feature prevents accidental removal of specific accounts and ensures they remain on the system until further notice. The purpose is to preserve the account on King's systems until the necessary information can be accessed. This process stops the account from being deleted from the system. **Figure 36:** Searching a Kings staff member in MIM. To carry out an account preservation request, the user who had requested this, gave me the user's full name, k number and reason for preservation of who's account they wanted to preserve. Using the information provided, In MIM I searched the name of the user and located the account needed to be preserved. ![](media/image36.png) **Figure 37:** Changing the status of an account, part 1. In Figure 37 to complete this account preservation request, I opened the account details by clicking anywhere on the displayed name, a pop-up pane showed up and from here and I clicked on the "status" tab. The "status" tab is where I can find the feature to "do not cull" the account. **Figure 38:** Changing the status of the account, part 2. Figure 38 shows me going to the "KCL Cull Status" option in the "status" tab and selecting "do not cull". This is the only method of performing this task. ![](media/image38.png) **Figure 39:** Changing the status of the account, part 3. In Figure 39, I had clicked on the "detail" tab, which is found on the same pop-up pane (shown in Figure 38) and added a note to the Internal Notes Section, to explain why the account is on do not cull. I had written "see ticket (inserted ticket number) -- do not cull". I included this note as the request to do this came through Helix as an account preservation request. This information is now entered and stored in the internal note section, so anyone such as the Collaboration and Identity Management, who delete or set the account for its decommissioning process can look at this internal note and see why the account is on "do not cull" and now they will keep it on Kings Systems until a reviewing process. **Figure 40**: Submitting the changes I have made to the account. Once I clicked on the "OK" (found in Figure 39), I reviewed the final screen for accuracy, in Figure 40, it showed what had been changed. This step ensures that any mistakes or accidental clicks are caught, maintaining data accuracy and integrity and it avoids any potential issues that may arise from inaccuracies in the system. Once I was satisfied with the choices I made, I clicked "Submit". From this process, the account is preserved and will not be deleted from Kings systems. **Example 2: Kings College London on Policy Hub, found on KCL intranet.** A bespoke digital system I use and perform maintenance on is the Kings College London Intranet, but specifically on the Policy Hub. The Policy Hub is a centralised repository for organisational policies, procedures, and best practices. As part of my role at Kings, I need to annually review and update the IT policies within the Policy Hub as shown in Figure 41. The reason for this maintenance is to help puts King's in line with the ISO 27001 standard. The ISO 27001 is a framework for effectively implementing, maintaining, and improving information security of systems. By maintaining policies, procedures, and best practices, it ensures that the information is up-to-date and relevant, so that the King's community always have the accurate information. ![](media/image40.png) **Figure 41:** Adding changes to the email and collaboration tools procedure. (Produced in a word document). In Figure 41, shows what procedure I chose to make changes on, this Figure shows what the procedure looked like before the changes were made. **Figure 42:** Adding the change log and information within that log. To be in line with the ISO 27001 standard, a change log needed to be added to the bottom of the procedure. The data that I entered in this change log was version (each version reflects different changes, a higher version number means the most up-to-date policy or procedure information), date of update, name (accountability reasons), role of updater and the changes that were made. Change logs are useful as they provide a clear record of the modifications made to the IT procedure, ensuring transparency, accountability, integrity, and efficient tracking of procedure/policy changes of information. **Example 3: Human resource system -Teamseer (part of PeopleXD).** A human resource system that I use at Kings is Teamseer. It's used to help Kings staff organise and manage their own holidays and other absences. In addition, the system can be used to track other King's staff leave and holidays (users of this system can select the individuals they want to see, for my case I see my members of team). ![A screenshot of a computer Description automatically generated](media/image42.png) **Figure 43:** Teamseer calendar view/booking leave. The different types of leaves that I can request, are organised, and categorised into different colours, shown in Figure 43. The example where I have booked leave for a doctor's appointment is discussed in Figure 43. The way I did this though, was by clicking the "MISC" tab and selected the "Doctors Appointment" option, clicked the date, and stated for how long I will be away for (half a day in my case). Using different colours to categorise leave types makes Teamseer beneficial because it provides a clear visual representation of leave. This system makes it quick and simple for all King's employees to identify other colleagues leave and reason for leave but to also manage own types of leave. Overall, it reduces confusion and promotes understanding of why some people may not be available for a period of time, which helps improves communication within the organisation. **[Outlines the impact of use of digital information systems on the organisations performance.]** The impact of the use of digital information systems on an organisations performance can be extremely beneficial, this is because **Figure 44:** Features and calendar view of Teamseer In Figure 44, there's a key for TeamSeer that I utilise to check my team member's leave throughout the year. Every month I refer to the calendar and on some months such as summer/school holidays, it has become evident that some team members have scheduled most of their leave around here. Due to this, I have used this data in the key and strategically planned to allocate additional staff to help me handle tickets during these periods. This preparation ensures the operational efficiency of the team and support coverage. ![](media/image44.png)**Example 4: Helix (King's Ticket System), Power BI and Excel.** **Figure 45:** Helix ticket view. Figure 45 shows Kings IT ticket system, Helix. The purpose of this system is to manage service requests for different types of IT services handled at Kings. These requests come from Kings College London staff and students, King's employees, or third-party partners. Each month, ticket statistics from Helix for IT Assurance are automatically logged in Power BI. The IT Assurance Senior compiles this data, including numbers and ticket types, into a raw format. I am tasked each month to organise this raw data into a graph for visualisation and organisational purposes. To do this, I created a table in Excel and exported it to PowerBI for graph values. With a Power BI course certification earned during my apprenticeship (shown in Figure 46), I feel confident in utilising Power BI to analyse trends/insights from graphs created from my team's monthly tickets, Figures 47 and 48 display the statistics for October. **Figure 46:** Power BI training course on Microsoft Learn. ![](media/image46.png) **Figure 47:** Using Excel to produce a table of October ticket statistics. **Figure 48**: A graph I created in PowerBi from ticket statistics from the month of October. This practice helps me, and my team keep track of our monthly tickets including type and volume, making it simpler to identify trends. As seen in Figure 48, we handled more software requests more than any other ticket, me and my team can use this insight to investigate the potential causes behind this and address them effectively (what we need to be able to cope with these insights that are produced). ![A graph showing the average price of a house Description automatically generated](media/image48.png) **Figure 49:** Example of me forecasting data using Microsoft Excel. In Figure 49, displays a simulation I had created in college. It shows a trend line graph in Excel, for house prices between 1975-2030. The data I inputted into the table, which I created using Excel, was only up to 2012, but I wanted to look at house prices up to 2030. To do this, I created a forecast graph, which is used to predict future trends based on existing values. So, Excel used the values I had already inserted in the line graph and generated a forecast line (shown in grey in Figure 49) and this line is a prediction of the house prices up to 2030. This projection is useful because it provides insights into potential future values and trends. I can use the skills I learnt when creating this simulation and use it for forecasting and predicting data from IT Assurance monthly ticket statistics. I could do a forecasting/trend line graph for each category of tickets for IT Assurance and the month. For example, at the end of the year I could take how many software requests we have had from January to December and predict how many our team will have the next year, for each month. Doing this process is beneficial to my team as it helps predict future scenarios, allocate resources efficiently and enhances decision making. **Outlines the impact of their use of digital information systems on the organisation's performance.** Implementing digital information systems such as a ticket system can significantly impact an organisation's performance by greatly improving how organisations manage end-user requests. This is because it makes the process more efficient and streamlined, as all end-user requests are handled and organised into one place. Reducing, the time needed for teams to search through multiple channels to find requests. Therefore, employees can get quick access to them, which means faster response times whilst increasing customer satisfaction. In addition, ticket systems automate tasks such as ticket assignment and notifications (such as updates, new tickets, or SLAs reminders). By automating these processes, organisations reduce the need for manual effort and ensure that tickets are addressed promptly and not missed out, again leading to faster response times and higher levels of customer satisfaction. However, if digital information systems have updates that require training or are being used by new staff, this can impact response times as it makes them slower. This then leads to a delay in addressing end-user needs and could potentially reduce customer satisfaction levels. Furthermore, a ticket system has SLAs, and these may be breached due to training, which may result in decreased trust in the organisation to be able to handle requests effectively. Portfolio Theme 4: Communication ================================ **Switching communication methods** +-----------------------+-----------------------+-----------------------+ | **When** | **Why** | **How** | +=======================+=======================+=======================+ | Going from **a ticket | This switch was made | Going from Helix | | system**, where I was | because it was more | system (which handles | | handling a request to | efficient in | work orders, | | retrieve | addressing the issue. | incidents, tasks or | | decommissioned files | The files in question | emails at Kings | | from a deceased staff | were unlikely to be | Service Centre) to a | | member and was | recoverable. The user | Microsoft Team | | communicating with | wanted call to | meeting (the main | | back-and-forth | explain the | conferencing tool at | | **emails** within the | importance of these | Kings), the request | | ticket and then | files and wanted to | will be addressed | | switching to a | exhaust every | through online | | **one-to one remote | solution to help find | discussion. | | meeting** as per the | the files. Difficult | | | user's request, to | conversations involve | | | better explain the | emotions, and | | | difficult situation | one-to-one calls | | | at hand. | allow a more personal | | | | and empathetic | | | This communication | communication that | | | switch is shown | was needed for the | | | between **Figure 5** | user. | | | and **6.** | | | | | Also, the situation | | | | regarding the process | | | | of decommissioned | | | | files needed further | | | | explanation, and this | | | | one-to-one approach | | | | helped clarify it. | | | | This direct | | | | communication method | | | | allows for instant | | | | questions and | | | | answers, minimising | | | | any misunderstanding | | | | that might have | | | | occurred prior in the | | | | ticket. | | +-----------------------+-----------------------+-----------------------+ | Carrying **out group | These are set up to | Users will get a | | IT Assurance | introduce the IT | Microsoft Team link | | inductions** to new | Assurance team and | via Outlook, which | | or moving IT staff | give a general | they can click on, | | within Kings rather | overview of how we | and it will take them | | than **individual IT | can assist the | to a video call. | | Assurance | attendees. Carrying | | | inductions**. These | out group inductions | | | inductions address | rather than | | | groups at the same | individual ones saves | | | time, with the same | time as they address | | | content that they | multiple people at | | | need to know. The | once and they ensure | | | content is delivered | that everyone | | | as a PowerPoint. They | receives a consistent | | | are led by anyone in | message as everyone | | | the IT Assurance team | hears the same | | | (my team). | information | | | | simultaneously. This | | | This communication | prevents confusion | | | method is illustrated | and ensures a clear | | | in **Figure 50.** | understanding of how | | | | IT Assurance can help | | | | attendees. | | +-----------------------+-----------------------+-----------------------+ | Changing from using | This decision to | Meeting request in | | **emails** (Outlook), | switch from email to | Teams calendar can | | where instructions | a face-to face | add a meeting to the | | are written out in | meeting was necessary | calendar of the Cyber | | the email to Cyber | as the instructions | team member | | Security member for | needed to be | responsible for | | completion of a | clarified and the | handling the request | | third-party | Cyber team member | (seen in Figure 52). | | compliance and | needed me to work | When setting up the | | security | through the whole | meeting in Teams I | | questionnaire, to a | process with them. It | can add the time of | | **face-to-face | ensured that the task | the meeting, | | meeting** to carry | is completed | attendees and chosen | | out the instructions | properly. As well as | location (the | | given out in the | on-time as the | meetings will usually | | email. | response was instant, | be held in meeting | | | ensuring quick and | rooms provided by the | | This communication | immediate | organisation, in | | change can be | communication. (Back | different offices). | | displayed in **Figure | and forth email's | | | 51** and **52.** | would have been time | | | | consuming and could | | | | potentially breach | | | | the target date of | | | | the questionnaire). | | | | | | | | Face-to face meetings | | | | provide a more | | | | effective way to | | | | tackle potential | | | | challenges and | | | | misunderstanding that | | | | the other Cyber team | | | | member had. | | +-----------------------+-----------------------+-----------------------+ **Using appropriate terminology.** **Example 1: Communication through Helix ticket system and Microsoft Teams.** Figure 5 and 6 shows a response to an end-user in Helix. Helix is a platform for internal and external communication at King's. Internal communication involves the exchange of internal notes, tasks, and emails between departments within Kings College London and Kings Service Centre. External communication entails sending direct emails from the ticket to end-users such as students and third-party partners. Helix is a formal communication channel; it's used for work-related matters. All requests need to be addressed clearly and professionally, and terminology needs to be adapted appropriately, ensuring end-users receive accurate, effective information and solutions. I use this daily in my role to handle the different service requests related to IT Assurance. As referred to in Figures 5 and 6 is an example of a subject access request , for a faculty member at Kings College London, please refer to figures for purpose. Within the call the process about decommissioned accounts and discussions about solutions such as reaching out to Collaboration and IDM or Productivity (these teams handle OneDrive and Outlook) to see if account files and emails can be found on a back log were raised. During the call, it became evident that the user was not familiar with the processes and solutions involved as its not part of their usual roles at King's to be familiar with them. Therefore, I opted to minimise the use of industry specific terminology and If terminology was used when communicating with the user, it was only when it was essential for conveying the message accurately. I made sure to elaborate on the points, in simpler terms to ensure the message was clear as possible. The objectives were to prevent any unnecessary confusion and to effectively convey the processes and solutions to finding the files and emails. **Example 2: Communication by video conferencing.** **Figure 50:** Presenting an IT Assurance induction with team members to people who have joined or moved within King's IT. Figure 50 shows a virtual meeting in Microsoft Teams, an online collaborative platform used by King' employees (internal communication). I can use Teams to conduct online meetings, discussions and deliver presentations with other colleagues within my organisation, regardless of their location. The many features of Microsoft teams make it ideal for both formal business meetings and casual team discussions. In this Figure, I used Microsoft Teams to facilitate an online presentation for an IT Assurance induction, to give an overview to the participants about what IT Assurance do, who the teams members are and how we can assist them in their roles. In terms of terminology used, these sessions are informal, and the session was about introducing ourselves. The individuals who attended the session, they usually have very limited or no understanding of the concepts of IT Assurance (data protection and risk and continuity). So, in this case, when presenting and explaining, terminology was simplified, and intricate details were avoided. This was done to avoid overwhelming the participants with complexity. Due to the purpose department-specific jargon is not required to get this message across. Furthermore, any questions that I answered in the meeting from the chat box, the points above about terminology are the same. This ensures that all participants can grasp the key messages effectively. **Example 3: Communication through Outlook, email platform and face-to face.** ![](media/image50.png) **Figure 51**: Answering a query via email about a Third-party Compliance and Security questionnaire sent by a Cyber Security team member. **Figure 52:** Setting up a face-face meeting with Cyber Security team member. Figures 51 and 52 illustrate different channels of communication used at King's Service Centre, Outlook and face-face meetings as shown in Figure 52. Users can compose, reply to and forward emails internally and externally either to departments within King's or to King's College London students or third-party partners. Figure 52 shows a meeting request in Microsoft Teams, which was set up regarding the email in Figure 51 (request for this call was sent as a direct message in Teams). In the example, I discuss a Third-party Compliance and Security questionnaire with a Cyber Security team member. Since many of the questions are Cyber-related, I needed their assistance to complete it. The team member had trouble locating a specific question, which was resolved quickly by sending a screenshot of it. This type of communication is formal, these are work-related tasks (I am completing a questionnaire on behalf of a third-party partner, they need these filled out to apply for data/research data), it is a must that they are completed to an appropriate standard. When communicating with Cyber I needed to be clear and professional, this ensured that it is accurately and effectively completed. In the email itself IT specific jargon is not used; this is because it's a simple question. However, a face-face meeting was required to further assist them with more questions and to also explain the purpose of this questionnaire, so they could be more prepared in future questionnaires. So, we worked through the questionnaire together. The questionnaire questions themselves contain high-level, Cyber terminology as shown in Figure 53. When discussing, it was entirely appropriate to utilise Cyber terminology since the user was part of the Cyber Security team (understood specific IT knowledge/content). In addition, the use of technical terminology is necessary for accuracy as I needed to ensure they were providing the correct information, there was no need to translate it into normal language. ![](media/image52.png) **Figure 53:** Third-party compliance and security questionnaire, highlighting a question for Cyber Security. **The CRAAP test for evaluating accuracy of websites.** +-----------------+-----------------+-----------------+-----------------+ | Acronym | Criteria | Questions to | Good example | | | | consider | | +=================+=================+=================+=================+ | C | Currency: How | When was the | Ncsc.gov.uk. It | | | recent the | information | shows currency | | | information is. | published? Is | by regularly | | | | the information | updating its | | | | current or up | content with | | | | to date? | the latest | | | | | information | | | | Has the | regarding Cyber | | | | information | Essentials. | | | | been revised or | This is evident | | | | updated? Should | as the most | | | | it have been | up-to-date | | | | updated? | version of the | | | | | Cyber Essential | | | | Is the | standard is | | | | publication | available here. | | | | date | | | | | appropriate for | I regularly add | | | | your research | a link to Cyber | | | | needs or topic, | Essentials in | | | | or does it need | my runbooks or | | | | to be more | in tickets | | | | recent? | surrounding the | | | | | topic such as | | | | | referencing | | | | | sections for a | | | | | customer. This | | | | | source provides | | | | | the most-up to | | | | | date and | | | | | reliable | | | | | resource for me | | | | | to use. | +-----------------+-----------------+-----------------+-----------------+ | R | Relevance: The | Does the | When reviewing | | | importance of | information | a software | | | the information | directly relate | privacy policy | | | for the user's | to your topic, | in my role to | | | needs. | or does it | approve a | | | | answer your | software | | | | question? | request for an | | | | | end-user, it | | | | Is it suitable | needs to relate | | | | for the | to the | | | | audience its | software's data | | | | intended for? | protection | | | | | methods in | | | | Is the | appropriate | | | | information at | detail. This is | | | | an appropriate | because I need | | | | level for the | to justify my | | | | user? (Not to | reasons for | | | | advanced or | either | | | | simplified for | approving or | | | | your specific | rejecting | | | | needs). Is the | downloads for | | | | source too | software. The | | | | broad or too | policy should | | | | narrow for your | clearly outline | | | | specific needs? | how the | | | | | software will | | | | Has a variety | protect, store, | | | | of sources been | and share | | | | examined before | sensitive data, | | | | choosing the | avoiding broad | | | | one to use? | statements. | | | | | | | | | | If the privacy | | | | | does not | | | | | address the | | | | | specific | | | | | aspects of the | | | | | software I | | | | | cannot use the | | | | | source, I will | | | | | need to do | | | | | further | | | | | research to | | | | | understand its | | | | | data protection | | | | | practices | | | | | elsewhere. | +-----------------+-----------------+-----------------+-----------------+ | A | Authority: The | Who is the | NHS website, it | | | source of the | author/publishe | is considered a | | | information. | r/source/ | source with | | | Looking at | organisation | authority when | | | credibility and | responsible for | it comes to | | | knowledge of | the content? | healthcare | | | the source | | related | | | providing the | What are the | information. | | | information. | authors/source/ | It's a | | | | publisher/ | reputable and | | | | organisations | official source | | | | qualifications, | for health | | | | credentials or | information and | | | | expertise on | services. | | | | the subject or | | | | | information | It provides | | | | needed? | reliable and | | | | | evidence-based | | | | Is the source | information. | | | | published by a | | | | | reputable | When informing | | | | organisation or | users of how to | | | | publisher known | risk level | | | | for accuracy | their sensitive | | | | and | data to know | | | | reliability? | where to store | | | | | it, I send a | | | | Is the author | link to the NHS | | | | associated with | Digital Data | | | | any | Risk Model as I | | | | organisations | know the source | | | | or influenced | is from a | | | | by any biases | well-known | | | | that could | source and will | | | | affect the | contain expert | | | | objective of | knowledge | | | | the | ensuring data | | | | information? | is assessed | | | | | properly. | +-----------------+-----------------+-----------------+-----------------+ | A | Accuracy: | Is the | ICO website. | | | Assesses the | information | Using this | | | reliability, | supported by | source to | | | truthfulness, | evidence or | reference | | | and correctness | cited sources? | exceptions for | | | of the | Any cross | FOI requests I | | | information. | references? | handle in the | | | Free of errors | | workplace. | | | and biases. | Can you verify | | | | | the information | The ICO website | | | | accuracy by | cross-reference | | | | cross-referenci | s | | | | ng | these | | | | it with other | exceptions from | | | | reliable | the official | | | | sources? | FOI Act, this | | | | | verifies the | | | | Where does the | information as | | | | information | it's from a | | | | come from? Is | different | | | | it a trusted | trusted source, | | | | source? | increasing its | | | | | credibility and | | | | Does the | reliability of | | | | language of the | the | | | | source seem | information. | | | | biased? Is it | | | | | tone free of | The ICO website | | | | emotion? | is unbiased as | | | | | its the | | | | Are there any | official | | | | typos, | website for the | | | | spelling, or | Information | | | | grammatical | Commissioner | | | | errors? That | Office, no | | | | may affect the | intentions than | | | | credibility of | to neutrally | | | | the source. | inform people | | | | | on data | | | | | protection | | | | | laws. | | | | | | | | | | As well as no | | | | | spelling or | | | | | grammar | | | | | mistakes, | | | | | ensuring clear | | | | | and accurate | | | | | information. | +-----------------+-----------------+-----------------+-----------------+ | P | Purpose: The | Is the source | Microsoft | | | reason the | aligned with | website. I | | | information | your research | utilised it for | | | exists. The aim | goals and the | a research | | | of the | type of | project on data | | | information and | information you | storage options | | | whether it | need? | and their | | | meets the | | website fits my | | | user's specific | What is the | purpose as it | | | needs. | primary purpose | offers storage | | | | of the | options such as | | | | source/informat | SharePoint and | | | | ion | OneDrive. | | | | (is it to | | | | | inform? | It serves as a | | | | persuade? To | platform for | | | | teach? To | users such as | | | | entertain? Or | me to access | | | | sell?) | information | | | | | only related to | | | | Does the | Microsoft | | | | source/authors | products and | | | | have a | services. Its | | | | particular | intentions are | | | | agenda or bias | clear and | | | | that might | unbiased, | | | | affect | aiming to | | | | objectivity? | assist and | | | | | inform users on | | | | Are intentions | areas related | | | | or purpose | to Microsoft. | | | | clear from the | | | | | authors? | | | | | | | | | | Is the content | | | | | fact? Opinion? | | | | | Marketing? | | +-----------------+-----------------+-----------------+-----------------+ Portfolio Theme 5: Digital learning =================================== In Figure 54 displays a part of my Personal Development Review (PDR), which is my PDR's next objectives, development, and career aspirations. With my line manager's help, I use this PDR to plan and organise learning activities for skill development. It outlines my progress, including goals, objectives and deadlines for achieving new digital/role-based skills. It can include completing online courses, completion of tickets, participating in workshops and conferences, obtaining relevant certifications and other work-related tasks. By integrating digital/role-based skill development into my PDR plan, I can ensure that my learning activities are purposeful and contribute directly to my career advancement. **Figure 54:** PDR aims and objectives for the next 12 months. In Figure 54, my manager and I outlined my goals and objectives for the next 12 months. By accomplishing these goals as outlined in PDR, I\'ll be able to improve my overall skillset ensuring long-term success in my role. As stated in my PDR these goals have either been completed or will be completed soon. All goals will be completed online through a variety of virtual platforms (such as SharePoint) or virtual training sessions (such as Digital skills hub, Microsoft Learn or LinkedIn Learning). To meet these targets, I have allocated time in my Microsoft Teams calendar and prioritised them from target date, meaning the ones with the earliest target date, will be completed first and so on. By scheduling and organising my time in this manner, I ensure I keep myself accountable and stay on track. **Digital learning I have taken to extend own knowledge and skills relevant to my role.** **Example 1: Microsoft Learn:** ![](media/image45.png) **Figure 55:** PowerBi training course on Microsoft Learn. Figure 55 shows a course I had undertaken on Microsoft Learn called "Describe the Capabilities of Microsoft Power Bi", which helped me gain an understanding of Power BI, its uses, and its capabilities. By completing this course, I gained a badge. Though Power BI is not an AI program it does incorporate AI features like interactive graphs, which has contributed to my AI training, which was an aim to accomplish in PDR as shown in green. Using these features it has helped me understand some AI concepts and applications, enhancing my overall skill set. Furthermore, to solidify my understanding, I have used these acquired skills and knowledge and put them into action while using Power BI (Figure 56), allowing me to effectively analyse data and create meaningful graphs. **Figure 56:** Using Power Bi ![A screenshot of a computer Description automatically generated](media/image55.png) **Figure 57:** Selecting a ticket type. In this figure I am following the simulation and using knowledge I gained from this course to create a report, based on the ticket statistics from Helix that me and my team deal with. Using Power BI, I have designed an interactive graphical representation that focuses on the month of October, measuring the ticket type by the number of tickets. An AI element of this graph is that Power BI can create an automatic table below of every ticket type, the number of each ticket type and the total number of tickets received for that month (See Figure 56). Also, as seen in Figure 57, Power BI provides an interactive feature, where I can select a specific ticket type on the graph, and it will automatically only look at the number of tickets for that type of ticket. The goal is to use this understanding and to generate these reports monthly using Power BI to monitor and gain insight into ticket trends, I can also use these reports to find whether there are any increases or decreases of certain tickets and then make decisions based on these insights. This online learning has helped me extend my knowledge and skills in Power BI and now I feel capable of creating reports for different areas of my department. **Example 2: LinkedIn learning:** **Figure 58:** LinkedIn learning courses completed. Figure 58 shows LinkedIn Learning, which is a digital resource I use for learning new skills needed in my workplace to fulfil my role. This online platform offers a wide range of courses and tutorials covering various topics. The resource provides video-based lessons that enable me to either strengthen or acquire news skills and knowledge, which makes it a valuable resource for professional growth. ![A screen shot of a computer Description automatically generated](media/image57.png) **Figure 59:** Certificate I gained from LinkedIn learning. Figure 59 shows a course I had taken on LinkedIn learning, GDPR compliance training. I took this course because it significantly enhanced my understanding of the GDPR, which will be useful for passing the GDPR foundation in the future. Which was stated as a target in my PDR as shown in blue. This course had provided me with the necessary understanding of regulation requirements. From this I understand how an organisation including my own can effectively implement measures that ensure compliance and protection of personal data. It also helped me to understand who the GDPR impacts, responsibilities of processors and controllers and how to mitigate risks like data breachers and costly legal consequences. **Example 3: Digital Skills Hub.** **Figure 60**: Digital Skills Hub courses. Figure 60 shows courses offered by Kings College London Digital Skills Hub, accessible via their SharePoint site. These live, interactive courses are delivered over Teams by Kings. Participants work alongside with the trainer to practice skills to gain knowledge on different topics. I have used this online resource to complete a course to understand how to use SharePoint (the course is called "Introduction to SharePoint") including how to create pages and link pages to other pages. A SharePoint page is web-based document designed for displaying content and facilitates collaboration. The course was useful for my role at Kings as I use SharePoint to store important information, which is shared with my team members. For example, as highlighted in pink in my PDR, I needed to create a repository of information for expert information regarding IT Assurance, I used the skills obtained from the course to create a SharePoint page in my teams Sharepoint to host the repository of information. **Development of sustainability in my organisation.** ![](media/image59.png)**Example 1: Microsoft sustainability Course** **Figure 61:** Online sustainability course by Microsoft Learn. Figure 61 demonstrates a Microsoft ignite training course, "Microsoft Cloud for Sustainability", which helped me summarise how organisations can reduce their impact of climate change, sustainability and move towards net carbon zero. Through this course, I learned about sustainability concepts, how to track emissions and looked at customer scenarios in the courses Microsoft Sustainability Manager. Additionally, I configured features with Microsoft Sustainability Manger, a tool designed to help organisations track, analyse, and manage sustainability related data. This tool includes features for data collection, calculation of various sustainability metrics based on the ingested data, and reporting (allows users to generate reports, summarising the environmental impact and sustainability of the organisation), which in all support environmental and sustainability efforts. I can use this course to help improve sustainability and climate change and move towards net carbon zero in my organisation. This is because it has provided me with an understanding of digital technologies tools such as Microsoft Sustainability Manager, which can be used in any organisation to ensure sustainability and best practices. I can share my insights with my organisation to help improve their environmental efforts. **Example 2: WEEE regulations and processes.** King's Service Centre uses WEEE processes to dispose equipment. Which is the waste electrical and electronic equipment directive on the collection, recycling, and disposal of waste electronic equipment. King's have contracted two companies to ensure sustainable disposal of this equipment, which helps limits the effects of climate change and to help move towards net carbon zero. It does this by recycling and reusing as much equipment as possible as WEEE then will repair and refurbish equipment, which reduces the amount of waste that will be sent to landfills and conserves valuable resources. By conserving resources, the WEEE regulations reduce the need to manufacture new equipment. Making new equipment uses significant energy and transportation resources, leading to pollution and greenhouse gas emissions. So, by reusing equipment, the regulations limit pollution and greenhouse gas emissions. In addition, by using WEEE it prevents harmful substances from being leaked into the atmosphere, reducing pollution and environmental harm. Portfolio Theme 6: Continuous Improvement ========================================= Within my team at King's Service Centre, service requests had started to evolve in the level of knowledge that was needed to successfully resolve the request. Due to this, it was evident that IT Assurance team members had gaps in their knowledge and me, and the rest of the team took a lot of time searching the internet or documents to find the answers. This became inefficient, which is why I created a central knowledge base, known as the Data Security and Protection Information Repository and this was on the IT Assurance SharePoint site. This site holds important knowledge that I and other members of the IT Assurance team can efficiently access and refer to when working on service requests. I created this page with a Senior IT Assurance Officer as we have the most expert knowledge when dealing with requests. This improvement is a process improvement, this is because I have changed the method of which we share and store knowledge within the team, it has improved productivity and confidence in the team. **Figure 62:** First draft of knowledge base. ![](media/image61.png) **Figure 63:** Current draft of knowledge base. This project adopted the Agile methodology. Agile is an iterative (where tasks are repeated and refined in a cycle), flexible and customer focused approach, it mainly applies to software development, however, it can be used in many fields such as the release of knowledge base as shown in Figure 62 and 63. This approach values collaboration, adaptability and delivers small incremental improvements. In the case of the knowledge base, the Scrum method of agile was implemented. In Scrum the development process is organised into fix periods called sprints, each sprint last 2-4 weeks. At the start of the sprint, me and the team members involved, planned what tasks and goals needed to be done during the sprint. For the knowledge base, the first sprint was to find an area where to store the repository of information (SharePoint was chosen), first draft of structure and to start adding different topics on the page. The first sprint progress is demonstrated in Figure 62, this was the first live version of the knowledge base. After the sprint, me and the team reviewed the completed work in a meeting, and I received feedback. Also, a retrospective session was held at the end of the sprint to discuss any improvements and lessons learnt, the goal is to continuously improve during these sprints. After multiple sprints, where feedback and improvements had been made, the most current version of knowledge base can be shown in Figure 63. The feedback we received in the sprints was to add images, clear and neat structure and to ensure that topic titles linked with the information, which is shown in the Figure 63. This project is still being continuously improved as information is constantly changing, so new information or topics will always need to be added. A benefit of agile scrum method is that agile allows an organisation or teams to respond swiftly to changing needs and customer feedback. This adaptability allows organisations to adjust its plans and provide to a changing business environment effectively. Another benefit, is that it encourages teamwork and open communication among teams, fostering shared goals. This is important because it promotes collaboration and reduces barriers between teams, helping achieve better overall success. Lastly, agile prioritises customer satisfaction, ensuring organisations and teams stay responsive and maintain customer needs. Which leads to higher satisfaction and delivery of products as they have better aligned with their expectations and needs. **How productivity and performance has been improved of existing processes and digital systems.** Creating this knowledge base, has significantly improved productivity and performance in my team. This is because it has ensured that the knowledge across the team is standardised and has improved. It provides a central place, where up-to-date, accurate and high detailed information for team members to use. It has helped ensure that responses to customers are accurate and trustworthy. As it reduces the likelihood of errors and misinformation. Leading to higher customer satisfaction and performance rates. In addition, this knowledge base has provided a quick way to retrieve resources, there is no longer the hassle of going through different areas and documentation to find the information that is needed. It has allowed me and other team members to answer the tickets in ease. It has improved the overall efficiency of the team as it allows me and other team members to concentrate on the task itself, which boosts overall productivity. Moreover, the quick retrieval results in quicker response times, ensuring that customer receive timely assistance, which therefore increases overall satisfaction with the service. Also, this knowledge base proves beneficial as when one of the team members is absent due to illness or leave, in such cases me and other teams' members can manage the absent colleague requests effectively by utilising the expert knowledge in the repository. This approach ensures that IT Assurance delivers consistent responses to customers and uninterrupted service, which leads to better performance rates. **Figure 64:** Role of IT Assurance in research project site page. Figure 64 shows a knowledge page for the repository of information. Using a paperless repository of information instead of a paper copy for each member of the team is sustainable because it reduces the environmental impact of paper/ink production, shipping of paper and ink and disposal of print resources. It leads to a reduction in pollution rates and minimises waste production, making it a more sustainable choice for information storage. Furthermore, accessing this knowledge base online helps conserve paper, ink, natural resources as well as energy as there is no need for printing numerous copies of the same documentation. Overall, King's is aiming to be a paperless organisation, already most documentation is paperless. Portfolio Theme 7: Teamwork =========================== At King's, one of my responsibilities, as illustrated in Figure 4, is to complete Third-party Compliance and Information questionnaires. This task requires collaboration with multiple teams, including my own, to gather the necessary information. Coordinating this process can be time consuming, as I am waiting for responses and sourcing answers. Effective time management is crucial for this to ensure timely completion. Additionally, it is important to communicate effectively with the relevant teams and utilise the appropriate digital channels to ensure all teams receive the necessary information. Firstly, to ensure this task is completed on time and receives the necessary attention, I use the time management matrix. Helping me manage my time efficiently and ensure that high-priority tasks are addressed appropriately. It does this based on the task's urgency and importance. It divides my to-do list into 4 categories, which are important and urgent (Quadrant 1), not urgent but important (Quadrant 2), urgent and not important (Quadrant 3) and neither urgent nor important (Quadrant 4). +-----------------------------------+-----------------------------------+ | **Important and Urgent | **Important and Not Urgent | | (Quadrant1):** | (Quadrant 2):** | | | | | These tasks need immediate | Tasks here are important and are | | attention and are considered as | significant for long-term | | crucial matters or emergencies. | success, but they don't require | | These cannot be postponed without | immediate attention. They are | | serious consequences. | proactive activities such as | | | planning, goal setting and | | **Example 1:** Sudden data | personal development. | | breach. It requires immediate | | | attention to reduce the potential | **Example 1:** Completing | | damage and to mitigate the | Third-party Compliance and | | security risk. Delays can lead to | Information Security | | severe consequences such as | Questionnaire. This is here | | reputational damage, exposure of | because it has been given a | | sensitive data and confidential | reasonable timeline for | | data, data loss, financial | completion, to gather the answers | | losses, and legal issues. | from myself and other teams, it's | | | not urgent if time is managed | | | effectively. It is crucial to | | | complete as these questionnaires | | | are needed to show the | | | organisation's data compliance | | | and security posture, so the | | | organisation can bid on research | | | or government contracts. | +===================================+===================================+ | **Not Important but Urgent | **Not Urgent and Not Important | | (Quadrant 3):** | (Quadrant 4):** | | | | | These tasks are urgent but don't | Tasks here are viewed as time | | directly link to my long-term | wasters, offering little or no | | goals. They are usually | value to professional and | | interruptions or distractions | personal goals and success. | | that demand immediate attention | Reducing time spent in this | | but don't contribute considerably | quadrant can free up time for | | to my overall success. | meaningful activities such as the | | | ones in Quadrant 2. | | **Example 1:** Attending | | | unnecessary meeting often feel | **Example 1:** Scrolling through | | urgent as there is short notice, | social media is neither important | | but they don't align with my core | nor urgent, it can be done at my | | tasks or long-term goals, making | convenience. It does not directly | | them unimportant. They distract | relate to my crucial | | me from more crucial tasks in | responsibilities or long-term | | quadrant 1 and 2. | goals. It just for entertaining | | | and is a time-wasting distraction | | | if not managed properly. | +-----------------------------------+-----------------------------------+ **Figure 65:** Time Management Matrix. The idea is to focus on tasks that are important and not necessarily urgent (Quadrant 2 because they improve long term productivity, encourage a proactive approach to time management and reduces the need to handle crises like in Quadrant 1 or time-wasting activities like Quadrant 3 and 4. The Quadrant 2 tasks are crucial for achieving long-term goals, personal growth, and overall development. They also lower stress by ensuring that I am are well-prepared for upcoming challenges and responsibilities. Moreover, tasks in this quadrant are often completed with high quality because I can give them my attention and care, resulting in better outcomes. **Using digital technologies to operate within a team, enable sharing of information and best practice.** ![](media/image63.png) **Figure 66:** Using digital technology (Helix) to communicate with multiple teams. Figure 66 demonstrates me communicating with other expert IT teams, this communication is done over Helix. In this figure, I had sent a task to other IT departments, which is a sub-ticket that is sent to collaborating teams, enabling me to keep the master ticket, whilst they complete their work. This task was to fill out other IT/network security and data protection questions that I am unable to complete as these teams have the relevant information as shown in Figure 4. By sending tasks I can track the progress of their work and set deadlines to ensure SLAs are met, which is best practice for maintaining accountably and timely completion. When giving this task to the other teams, it is useful to provide them with question numbers and the topic of the questions I want them to complete, to prevent any delays and confusion. Once the task is opened by the other team, they can access and edit the questionnaire and once their part has been completed, they let me know via a note on Helix. From here I would check their contributions and ensure the right level of detail of the information has been provided. After completion, this form will be sent back to the third-party partner via an email in Helix. **Figure 67:** Information Classification Procedure Figure 67 displays the Information Classification Procedure, when me and other teams are completing these questionnaires, it is necessary that the correct classification of information is given (not giving out information that is too high level). This prevents the creation of an information security risk or vulnerability in the King's network. This is best practice. ![](media/image65.png) **Figure 68:** Data Protection Policy. Figure 68 displays the data protection policy at Kings; it is best practice when completing these questionnaires that all teams including myself adhere to this policy. I and others need to make sure that no personal or sensitive data is given out on the questionnaire, as this would breach the Data Protection Act and General Data Protection Regulation. For example, the user requested a copy of our IT organisational structure, I sent them a copy of our ORG chart with names, but photos were removed to protect the identity of Kings staff, this is shown in Figure 69. The same structure was sent to for different departments. A diagram of a company organization chart Description automatically generated **Figure 69:** Copy of ORG chart sent to venders/third-party partners. This ORG chart is shown to align with the Data Protection Act and the General Data Protection Regulation. **Evaluates the importance and impact of my work on other team members.** After completion of the Belbin team role self-assessment, my dominant team role was Completer/Finisher. Being this team type can be significantly beneficial in my team because I ensure that all work/projects are thoroughly checked and are error free. I pay attention to the smallest details, which helps maintain high-quality standards across the team's work. My team can rely on me to work with care and accuracy, fostering trust and confidence in me. However, with this team type, I can sometimes spend too much time worrying on the details, ensuring mistakes and errors are fixed. This can slow down some progress on some projects or tasks as well as cause unnecessary stress within my team, especially when deadlines approach. Also, in this team type it states that I should find it difficult to delegate tasks, I only partly agree with this as I do give tasks when appropriate, however, I always ensure I do the final check to ensure accuracy as I worry my standards have not been met, which might come across that I don't trust other team members standards, which may hinder team collaboration. My strengths in a team can be shown in my third-party compliance and security questionnaire as I take the role of reviewing the final completed questionnaire, ensuring it is error-free and the right amount of detail is added, ensuring it is well prepared and clear before sent to the third-party partner. This demonstrates my positive contribution to my team's success. My team know that the level of work I am producing is at a high standard. This thorough attention to detail trait of a Completer/Finisher can also be useful in my team as in the questionnaire I checked that no personal or sensitive information was given. This contributes positively to the team's adherence to the GDPR and Data Protection Policy, reducing the stress of this for the team. Portfolio Theme 8: Application Skills Support ============================================= As mentioned, I create and issue runbooks. I do this, alongside my line manager as part of my role at King's illustrated in Figure 2 and 3. One process I created a runbook on was account preservation requests (shown between Figure 70 and 72). It includes how to place accounts on "do not cull", which is part of this service request. The runbook I created shows how to carry out the process on MIM (Microsoft Identity Manager), as mentioned prior. The runbook detailing the process of placing accounts on "do not cull" was created to ensure that the correct process and procedure is being followed by stakeho