DfE Cyber Security Standards
In 2022 the Department for Education released cyber security standards to be met by all schools and colleges. As a priority, schools not meeting the standards, are expected to review any devices and services falling short
How Secure Schools helps schools and trusts to meet and demonstrate the DfE cyber security standards
Network Standards
Protect all devices on every network with a properly configured boundary or software firewall
- The Secure Schools audit framework, section 7, expects to see this.
- Vulnerability assessments provide assurance for this.
- Cyber Essentials requires this.
Network devices should be known and recorded with their security features enabled, correctly configured and kept up-to-date.
- Secure Schools vulnerability assessments and device configuration reviews provide assurance for this.
- Cyber Essentials certification requires this.
Accounts Standards
Accounts should only have the access they require to perform their role and should be authenticated to access data and services.
- Secure Schools cyber security awareness training supports this.
- Secure Schools can support schools with more advanced training for IT staff.
- IASME Cyber Assurance certification requires this.
You should protect accounts with access to personal or sensitive data and functions by multi-factor authentication.
- The Secure Schools audit, section 7, expects to see this.
- Secure Schools vulnerability assessments and device configuration reviews provide assurance for this.
- IASME Cyber Assurance certification requires this.
You should use anti-malware software to protect all devices in the network, including cloud-based networks
- The Secure Schools audit, section 7, expects to see this.
- Secure Schools vulnerability assessments and device configuration reviews will provide assurance for this.
- Cyber Essentials certification requires this.
An administrator should check the security of all applications downloaded onto a network.
Network devices should be known and recorded with their security features enabled, correctly configured and kept up to date
- Secure Schools vulnerability assessments and device configuration reviews provide assurance for this.
- Cyber Essentials certification requires this.
Data Protection Standards
Have at least 3 backup copies of important data, on at least 2 separate devices. At least 1 must be off-site
- The Secure Schools Audit, section 7, expects to see this.
- IASME Cyber Assurance certification requires this.
Conduct a Data Protection Impact Assessment by statute for personal data you hold as required by General Data Protection Regulation
- The Secure Schools audit, section 5, expects to see this.
- IASME Cyber Assurance certification requires this.
Cyber Attack Standards
Your continuity and disaster recovery plan should include a regularly tested contingency plan in response to a cyber attack
- Included in the Secure Schools cyber incident management plan template, from our policy builder.
- The Secure Schools audit, section 10, expects to see this.
- IASME Cyber Assurance certification requires this.
- Plans for a cyber security incident management simulation feature to test school staff knowledge on how to report serious cyber attacks.
Serious cyber-attacks should be reported
- Included in the Secure Schools cyber incident management plan template from our policy builder.
- The Secure Schools audit, section 10, expects to see this.
- Plans for a cyber security incident management simulation feature to test school staff knowledge on how to report serious cyber attacks.
Train all staff with access to school IT networks in the basics of cyber security
- Secure Schools platform-based cyber security awareness training for school staff and board members.
- Secure Schools can support schools with more advanced training for IT staff.
- IASME Cyber Assurance certification requires this.