Monday, October 26, 2015

Design Flaw in Queensland OneSchool Student Protection Module

The Deloitte report "Queensland Department of Education and Training: OneSchool – Investigation into the 2015 failure of the OneSchool Student Protection Module" (16 October 2015) provides an excellent analysis of the response to a serious fault in a contemporary software system. However, there appears to be a fundamental flaw in the design of the OneSchool system which is not addressed by the report and remains in the system. Queensland school children remain at risk as a result.

The OneSchool SPM is designed to allow teachers to report possible child abuse to the relevant authorities. A fault in the software resulted in 644 reports not being forwarded to the police. Deloitte were commissioned by the Queensland Minister for Education to "to assist the Department of Education and Training (DET) with a review of the Student Protection Reporting Module in OneSchool". Deloitte have provided a good description of the problem, how it was found and fixed and also a reconciliation to verify that all reports are now accounted for. However, this will not be sufficient to prevent a similar problem occurring in the future.

The OneSchool "submission protection" function (shown in Figure 4.2 page 18 of the Deloitte report), shows a purely one way process. The system sends email, to Department of Communities, Child Safety and Disability Services (DCCSDS), or the Queensland Police Service (QPS). There is no provision for the system to verify the report was received. Therefore a similar problem could occur again, in the OneSchool system, in the email system, or in the systems of the DCCSDS or QPS and it would remain undetected.

The OneSchool system needs to be modified so that there is positive acknowledgment of the receipt of every report by the agencies it was sent to. As it involves child safety, OneSchool is a "Safety Critical System", but does not appear to have been designed to the required standard.

No comments: