(This is the ninth, and final article, in a series of posts from the Settlement Sector & Technology Task Group's final report: From Silos to Solutions: Toward Sustainable and Equitable Hybrid Service Delivery in the Immigrant & Refugee-Serving Sector in Canada. Over the coming days/weeks, I will be extracting thematic sections from the report and posting them as articles to make them more accessible. In each key theme, we provide an introduction, sector perspectives (from interviews and focus groups), a number of useful tools and practices we have found to help guide our recommendations to help the sector and IRCC develop the themes into practice, and then a list of specific recommendations that are relevant to the theme.)
There are many examples of organizations that are using portal-style technologies to provide digital service. In particular, pre-arrival service providers and language service providers are using a combination of technologies and online portals to provide service. In many more cases, agencies are providing services using a combination of technologies. A mix of asynchronous (not real-time) tools such as email, digital messaging, texting, chatbots, online surveys, online courses, screencasts, video recordings, document sharing, and online courses are combined with synchronous (real-time) service delivery tools such as phones, Zoom, Microsoft Teams or other video platforms for one-on-one or group interactions, webinars, live-streams, real-time whiteboard or other collaborative technologies.
Agencies may use the technologies that they are already using or that they prefer, or have already invested in. For larger organizations or those whose work on technology predates COVID-19, this is an easier choice. They already have the capacity. They have made the investments. Still, our findings suggest that no one agency has achieved optimized digital maturity in service delivery. There is much still to learn. It is also important for the sector and IRCC to determine how they can collaborate on interoperable systems. Guidance on system and technology choices is necessary to ensure the investments move the sector towards collaboration and technical standards, not standalone systems.
Some SPOs have started to put in place protocols and guidelines with regards to social media, digital instant messaging and other technologies being used in service delivery. Most are not formally shared or captured in the sector, or by IRCC. They should be collected, along with useful documents from other sectors to be shared sector-wide and a baseline set of standards created for sector agencies to adhere to.
Learning from agencies further along the digital maturity continuum is important. IRCC and the sector need to evaluate and share their baseline capacity and what it took to get them to that point. The goal of this evaluation should be to establish baseline capabilities for all funded settlement organizations. Smaller organizations, or organizations for whom the shift to digital during the pandemic was newer, and who may still be struggling in many ways, will benefit the most. But the entire sector, as well as newcomers, will also benefit. The sooner these baselines are established, the better for those organizations that have sunk costs into development, and those that cannot.
It is essential to evaluate the decisions more digitally mature organizations have made, how to measure the outcomes of their technology choices and how to measure the choices they've made. The sector can benefit from having some baseline guidance to determine how to move forward with systems choices, training for their staff, with support for their plans, etc. When we look at a hybrid service delivery model, there's a continuum of possibilities and choices that agencies could make. There are also potentially economies of scale in sector procurement. For example, if a tool such as Zoom is determined to be the baseline technology choice for video conferencing, a centralized body like IRCC, provincial umbrella groups, or other organizations could negotiate bulk purchases. This would bring the cost per unit down for these agencies, and allow for standardization of use, knowledge mobilization of promising practices, communities of practice around online facilitation, as well as create either hiring expectations or common technology onboarding strategies. The question to focus on is how can agencies be supported to not only make technology choices that make sense for them, but that they are also able to support and build on over time.
In a hybrid service delivery model with baseline capabilities and competencies, each Frontline Practitioner, Manager, Director, Executive Director/CEO, and newcomer should have the same understanding of what a baseline hybrid service delivery model can offer. Consistency is key. SPOs can exceed this baseline, developing solutions beyond and above the baseline. They may have internal resources, or be connected to external resources (possibly shared among other agencies) to ensure that they have the capacity to provide an expected level of hybrid service delivery.
In a model with baseline expectations and support, SPOs would have the same capacity as other agencies. While they can be expected to offer hybrid service delivery options in a variety of different ways, each agency would have a similar set of competencies, skills, technology infrastructure, and service delivery expectations.
The technologies around hybrid service delivery models or platforms will continue to evolve. In the hybrid service delivery section we discussed this continuum and what that range looks like from ad hoc technology choices, to platform-based models, to seamless digital user experiences, from pre-arrival to Citizenship.
There is much in the sector that can and should be learned from. At the same time, emerging external frameworks offer useful starting points for many agencies to assess, map and begin moving towards innovation and a more strategic use of technology.
This section addresses the baseline infrastructure required for a hybrid service delivery model in the immigrant and refugee-serving sector. SPOs have been using a suite of technologies over the past year, and earlier. What is lacking is a significant sector evaluation of those technologies to determine which are optimal in hybrid service delivery.
Instead of presenting a specific technical roadmap outlining what the right hybrid model system is, what we have discovered in conversations with the sector is that those who are more digitally mature want to be supported in the choices they have made, while those that are digitally developing are still trying to figure out how to do all of this type of work digitally. They want to be assured that there are baseline competencies they can aspire to and be supported in achieving. In this model, every agency would have the same funded, baseline infrastructure, competencies, and standards.
With ever-increasing threats to the security of systems, data, and applications, there is growing recognition by nonprofits that the move to hybrid service delivery cannot happen without the establishment of baseline cybersecurity standards. Services must be private and secure by design.
Ensuring quality digital service delivery is more important than ever: “Standards set out requirements, specifications, guidelines or characteristics that can be consistently applied to ensure that products, materials, processes and services perform as intended — qualitatively, safely and efficiently.”
Developing technology standards is crucial to maintain service consistency and make sure that clients are kept fully informed about the services on offer. They also empower teams to ensure that duplications and miscommunications won’t occur and that new applications will be strategically aligned with the current applications.
Our findings have confirmed the importance of technology standards as an integral part of an organization’s overall digital strategy. Clients who use more than one blended or web service benefit from program-wide standards so they are less confused.
Creating information products and services for newcomers, especially vulnerable newcomers (not only refugees) requires the same rigour as creating in-person services. When it comes to technology-mediated service delivery, research suggests a fairly common set of practices and approaches an agency should follow. There are a number of resources that provide useful starting points to develop technology and innovation capacity in the immigrant and refugee-serving sector. They will be explored below.
Digital Maturity Models provide a framework to evaluate how digitally mature an organization is today, and to help build a roadmap for the future. These models provide digital assessment, guidance, and road maps across broad capacity areas and should be evaluated for adoption and replication in the sector. They are explored below.
Consistent and baseline professional development needs to be made available across the
sector. There is value in bringing together those who provide sector-wide professional development such as umbrella organizations, colleges, and universities to create a comprehensive, blended (combining online and in-person) learning model. IRCC should look to the language sector professional development model it funds, the Avenue/LearnIT2teach Project, for what can be replicated in Settlement programming. At the same time, it is essential to move the professional development conversation beyond up-/re-skilling to hiring. We are already seeing the emergence of workers with different credentials or in entirely new roles/structures in the sector .
Baselining cybersecurity is essential but can be complicated in a client-centric design and service model. For example, it makes sense to discover and use the digital technologies that clients are comfortable using. However, this raises security concerns since not all digital platforms are secure or encrypted or have integrated digital privacy frameworks, guidelines and policies. Frontline settlement practitioners have to negotiate this shifting technology landscape and client technology preferences carefully. While they must ensure ease of use in technology, they also are responsible to ensure that client interactions that include personally identifiable information are conducted on secure platforms. They must also communicate, educate, and support clients on the reasons for secure and confidential use of digital channels.
Implementing cybersecurity includes a number of digital ethics considerations that exist below the surface. It is a collaborative endeavor that requires the entire sector to ensure that privacy and confidentiality are securely maintained at the highest levels possible. It also involves a process of reciprocal reflection that constantly revisits related practices to ensure digital safeguarding is a sustainable act.
Though some SPOs have implemented organizational practices to increase cybersecurity, many organizations are still seeking guidance in this area. Cybersecurity needs to be built into some organizational baselines. It should be viewed as fundamental infrastructure in digital service delivery. It also involves a process of constantly revisiting organizational operations to ensure sector cyber resilience. This is a necessity with nation-wide strategic implications. Canada's National Cyber Security Strategy (2018) recognizes cybersecurity as “the companion to innovation and the protector of prosperity” and it is an essential component of any functioning sector.
There are a variety of schools of thought about whose responsibility it is to ensure baseline competencies. Some expressed that it could be the frontline practitioners’ ability to identify the ethics and risks since they work directly and closely with clients in this hybrid service delivery transition. Others argued that it is the programs/organizations’ responsibility to provide guidelines and directions so that no one will be left behind. Others are simply looking for privacy and security guidelines from IRCC that they must comply with. In reality, it is a combination of all of these.
Several settlement frontline practitioners illustrated that intake questions needed to be further refined to not only reduce unnecessary questions, but also add more relevant ones related to digital literacy and capacity:
I think for the hybrid service model, in our intake process, we need to change the way we are doing our intake to make sure that we are capturing this information about the clients, their digital literacy or their interest in attending either online or in person, because this will help us organize our thoughts and organize our programs. We never captured “are you interested in doing the work online or in person,” we have to start capturing this information. (technology, focus group)
Cybersecurity is recognized as an essential infrastructure in practicing the hybrid service model:
There’s a conflict between the security requirements of the service providers and the platforms that they want to use, and what newcomers are able to upload on their devices. So if they have older devices, some of the apps just don’t work. We’ve even been finding that with the schools, the schools are lending out devices to families, but they’re locked so that the child can only access school using those devices. So what that means is the parent can’t then use that device. The security specifications are so tight that they are undermining a whole lot of other other things. (LIP, SPO, focus group)
Many settlement frontline practitioners have taken initiatives to educate their clients regarding digital privacy and virtual confidentiality. Some organizations have designed cybersecurity guidelines. Some programs have also trained clients:
So we started with digital security training focusing on professional usernames, secure passwords, protecting our online identity. We are working on navigating the web now. This will be our sort of the next step to build the real fundamentals of digital privacy (language services, SPO, interview)
Cybersecurity is widely discussed in other sectors. We can learn from them to create an organizational regulatory framework to protect client privacy and security in the digital database:
In the health sector and healthcare, they have very high standards around regulatory frameworks on privacy, security and confidentiality. The pattern for compliance, which we don’t have in our sector, but we are suggesting we should aspire to why not hit the highest standards, because we do deal with people’s personal information. (adult literacy organization, interview)
Assessing Digital Maturity
There are a number of interesting Digital Maturity Models that would be useful to review and assess for potential application in the sector. If we expand the idea that SPOs are either “Digitally Developing” or “Digitally Mature” we can use Digital Maturity Models to assess them and develop capacity and competency baselines across the sector.
The 2021 Volunteer Management Progress Report explores digital maturity of volunteer organizations in 22 countries (including Canada) along a rating scale: Lagging - Little or no use of technology to meet goals, Adapting - Moderate use of technology to meet goals, Maturing - Extensive use of technology to meet goals. Only one in four (24.0%) rated their agency overall as Mature in terms of technology use and volunteers. Accenture’s 2020 Global Digital Fluency Study “shows that just 14% of companies are digitally mature. Business leaders—and workers, too—are struggling to navigate this new technology-enabled world of work. Many companies weren’t prepared for the abrupt transition.”
We have discovered a number of existing, mature, and effective Digital Maturity Models that have been created or assessed for nonprofit use, or have been accepted in business/consultancies. It is outside the scope and resources of this project to fully screen them. As part of our first recommendation Develop a roadmap to support organizational digital transformation, we have suggested that the sector review existing Digital Maturity Models from within and outside nonprofit sectors to curate and customize models for the sector.
Nonprofit Digital Maturity Models
Business/Consultancy Digital Maturity Models
Baseline Risk Management
It is important for the sector to embrace the principles of privacy and security by design in a hybrid service delivery model. One strategic approach to baseline cybersecurity in the human service organizations is to embrace Enterprise Risk Management (ERM).
ERM addresses the full spectrum of an organization’s significant risks and then measures the degree to which the organization is successful in controlling these risks. In the ERM model, both risks and strategies to mitigate those risks are outlined. The following are the elements of a simplified ERM framework:
Risk assessment processes enable organizations to be aware of potential risk areas, identify mitigation measures and weigh factors to determine whether and/or how to adopt digital services. This model has been also recommended for organizations delivering virtual care services, as documented by Empowered Kids Ontario’s Virtual Care Resource Guide.
KPMG’s Enterprise Risk Management (ERM) Toolkit for Charities and Institutions of a Public Character (IPCs) provides a risk landscape, answers why ERM frameworks matter to the nonprofit sector, and suggests plans for establishing a baseline of security, and actionable advice. The toolkit also includes sample risk assessments for non-compliance acts with regard to digital technologies and data.
A recent report from NetGain Partnership (a collaboration between six of the United States’ leading foundations to address issues of the digital age) on digital security in the civil society sector outlines how to assess the existence and potency of digital threats and enhance digital security in the organizations. The report suggests seven questions that funders can ask about organizations’ digital security systems and procedures, as well as their plans to improve security and respond to crisis. The report recommends that funders take a systematic, rather than piecemeal, approach to digital security, and that they encourage grantees to make iterative capacity improvements. It urges funders to support grantees to develop short- and long-term security plans, and to collaborate with other funders who are similarly interested in advancing digital security at the grantee and field levels.