Education

Data Protection, Information and Cyber Security

As a learning establishment, the data you hold on the children under your supervision is of paramount importance and should be afforded an appropriate level of security. Too often we hear about sensitive information finding its way into the public eye and no-one wants to be at the sharp end of that publicity, especially if you are a school or college, be it state run or independent.

That’s why we have developed an audit process especially for you to identify your current security practices and ensure your data is safe. Here’s what we do and why…

What?

• Comprehensive review of security documentation, information systems, policies and procedures, including Data Protection and Acceptable Use
• Interviews with key staff on effective implementation followed up by spot check discussions
• Escorted tour of establishment to complete basic security check

Why?

• Opportunity to fully grasp Information Security obligations
• Ensure Data Protection compliance
• Meet Children Act Regulations
• Provide assurances and accountability to parents, Ofsted Inspectors and key stakeholders on Information Security
• Meet obligations to school Governing Bodies and Local Authorities
• Identify bespoke Information Security needs and general areas of security that need to be addressed

We also offer ISO27001 for Universities. See our dedicated ISO27001 page for details of the defacto information security standard and how we can help with certification or compliance.

Physical Security Reviews

Many independent and private educational facilities are being expected to provide evidenced assurance to governing bodies and other key stakeholders that their physical security is adequate and fit for purpose, as well as regularly reviewed and tested. During periods of reduced building occupancy, physical security requirements may change. Our reviews ensure spend is going in the right places and additional needs are not overlooked.

We have experience of providing comprehensive reviews and reporting in these situations, bringing the independent advice and support needed for this assurance. Our reviews include:

• Checking physical systems are fit for purpose and operating within legislation and guidelines
• Providing independent advice on vulnerabilities and how to mitigate the resulting risk
• Working within existing risk assessments to improve and fine tune security measures
• Ensuring wise security spend – we do not sell equipment or systems, we are there to advise
• Ensuring measures are proportionate and conducive to a healthy environment for students, visitors and staff alike

What?

• A comprehensive review of security systems, including but not limited to CCTV, lighting, intruder systems, barriers, and door entry
• A full report of findings with recommendations
• Multi sites accommodated

The Information Commissioner’s Office (ICO) made a series of recommendations to higher education. This included great advice such as using specialist roles to help support good Data Protection and Information Security after the growth of data breaches in this sector. Those roles are Senior Information Risk Owner (SIRO), Information Asset Owner (IAO) and Data Protection Officer. We have offered specialist training for SIRO and IAO roles for many years and as well as offering training in Data Protection, we also offer an outsourced service which is acceptable under GDPR and Data Protection Act (2018)

Details of our training is on the training page along with access to our IAO Education Journey.

NHS and Public Sector bodies can now procure us directly from NHS SBS Cyber Security Framework, this includes direct awards and mini tenders.

SIRO training for Education

The role of the Senior Information Risk Owner (SIRO) is a key function across all areas of the Public Sector, including NHS, central government, nuclear, education, councils, NDPB’s and in some cases even suppliers to Public Sector are required to demonstrate the role.

This one 1-day course is designed for Senior Information Risk Owners in both the public and private sectors who need a more developed understanding of their responsibilities as SIRO.

If you are interested in our Public Sector SIRO training course please call 0121 559 6699 or contact us for information.

IAO training for Education

The role of Information Asset Owner (IAO) was initially developed for Government; its purpose was to give nominated individuals responsibility for managing risks to both personal and business critical information, and minimise the occurrence of information security breaches within the Government community, an issue that has caused widespread concern in the past and continues to challenge the public sector as technology advances and data sharing increases. It has since become and invaluable role in a range of organisations, including  the Higher Education sector, handling not only sensitive student and staff information assets, but valuable R&D data too.

Onsite Training Cost: £1800 +VAT for up to 20 delegates trained in two half day sessions. Maximum 10 delegates per session. If you are interested in our Public Sector IAO training course please call 0121 559 6699 or contact us for information.