When Google Apps for Education are introduced into a K-8 school, administration, staff – and especially parents – may have some concerns about security and protection for their children. With a little planning, there are ways to substantially partition off successive layers of access to email features within your school’s Google domain….
When Google Apps for Education are introduced into a K-8 school, administration, staff – and especially parents – may have some concerns about security and protection for their children. Some may not even want an ability for children to have an email account, while teachers may desire an email account for their student to facilitate usage of a particular application, or student-student, student-teacher, student-parent communication. What can be done?
I once thought this might be an all or nothing approach, but a recent session at a Google Apps for Education summit convinced me otherwise. While not a matter of a few clicks here and there to set this up, with a little planning, there are ways to substantially partition off successive layers of access to email features within your school’s Google domain. Here’s one way of tackling this:
- Create a suborganization for every graduating year possible for your school. For an initial setup, this would include the current graduating year, plus an additional 8 or more years to cover Kindergarten and JK. In this example, you would create suborganizations for 2013, 2014, 2015, and up. Think carefully about this – your users (students, staff, committee member, administrators) can only belong to one suborganization at a time. If you organize them here for other purposes, you will need to consider your main usage of suborganizations. The settings for creation of sub organizations and user assigment to these can be found under the <Users> section on the administrative app for your Google Apps site.
- Move your (users who are) students into the appropriate group for graduating year. This will rarely change. The idea behind this type of organization is that as the graduating year approaches, you can decide to progressively allow more email features to that graduating year group.
- Here’s where the fun and decisions can now be made for what you allow. These settings can all be found under the <Settings> menu on the top, then by selecting <Gmail> from the sidebar, selecting each suborganization by graduating year, and then modifying the settings found in the <Compliance> section.
Here’s what some of those settings control:
- Append footers – You can set up outgoing email footer text for legal compliance, informational or promotional requirements. This might not be too relative to what is being discussed here.
- Restrict delivery – here you can whitelist (include) or blacklist (omit) whichever email domains that you want allowed for delivery and receipt of emails. You could , for example, only allow delivery and sending of emails that belong to your school’s email domain…..and bypass it for internal-only messages.
- Content compliance – this setting states what action to perform for messages based on predefined sets of words, phrases, text patterns, or numerical patterns. It scans messages for content that matches rules that you configure. Messages can be rejected or delivered with modifications.
- Objectionable content – similar to above, inbound or outbound messages can be modified or rejected, based on content matching word lists that you define.
- Attachment compliance – Attachments can be filtered based on their file type, name, or size.
- Receiving and Sending routing – interesting options here – one capability is that any email sent from outside of the sub organization’s group to any member of the group can be routed to one person . You could, for example, force all emails sent to a group to go (only) to the teacher or principal.
Between all of these, one can see that you can force email communications within any one grade to only members of that grade, and / or include a teacher, parents, or others (another ‘partner’ school, for example). Couple this with the content filtering, and you have a quite impressive, albeit somewhat tedious-to-setup control on email usage for your Google-based organization.