Education & Compliance

Regulators are getting tough

Reports from the Information Commissioner's Office (ICO) have identified education as one of the sectors with the most reported incidents in Q3 of 2016 (along with health and general business), which saw a 40% increase in reported incidents in the education sector. This isn't going unnoticed, and schools now need to ensure they comply with tougher regulations and standards in cybersecurity for safeguarding and data protection.

Keeping Children Safe in Education

The new KCSIE guideline came into force on 5th September 2016, putting further emphasis on the need for all education professionals to understand that safeguarding is everyone’s responsibility. Each school needs to consider and review its safeguarding policies and procedures, particularly with respect to how it protects students and maintains its duty of care amidst the growing online threats to each student’s wellbeing. With the enhanced auditing requirements needed to meet KCSIE, schools now have to look much deeper into internet and social media traffic to identify children potentially at risk.

The Prevent Duty

In the summer of 2015, the UK government made Prevent (its full name is the Preventing Violent Extremism strand) a statutory duty for schools, childcare providers and further education establishments. Along with prisons, local authorities and NHS trusts, they are now under a legal obligation to “have due regard to the need to prevent people from being drawn into terrorism”. According to the government’s guidance, the day-to-day responsibilities of teachers and staff now include being able to spot children who might be vulnerable to radicalisation.

PCI DSS

Schools are responsible for the security of credit card account data shared with them, entered through their online systems or wherever the data is received or stored. The standard to which they are held is known as the Payment Card Industry Data Security Standard (PCI DSS). It is important for your school to meet the PCI DSS levels to avoid credit card fraud, which could result in hefty fines if the school is deemed out of compliance.

Data Protection

Under the terms of the UK Data Protection Act, all organisations that handle personal information about individuals have legal obligations to safeguard that data. All data kept on electronic media within educational institutions should be kept secure, encrypted and logged in order to keep track of any theft or loss. Where theft or loss does occur and encryption has not been imposed, enforcement action may follow, which could be a fine of up to £500,000.

GDPR

The GDPR is the European Commission's latest attempt to strengthen data protection for EU citizens, including the export of their data outside of the EU. With the demise of 'Safe Harbour', companies that export and handle the personal data of European citizens will also need to comply with the new requirements or risk being fined €20 million for a security breach or 4% of global turnover, whichever is higher.

Free Consultation

Need help in navigating the maze of compliance requirements? Just let us know how we can contact you and one of our Trusted Advisors will be in touch.

Or call us to speak with someone immediately: +44 845 257 5903

We look forward to speaking with you soon.

Achieve & Maintain Compliance

Navigating the growing compliance requirements can be difficult without expert help. The right balance needs to be found between effective security, detailed monitoring and respecting the privacy and personal lives of students.

Infosec Partners have helped schools and universities achieve and maintain compliance with standards such as PCI and ISO 27001, and helped them to understand what needs to be done to meet statutory requirements such as Prevent, KCSIE and the Data Protection Act.

Contact us today to find out more.

Infosec Partners has helped education establishments, from the most prestigious independent schools to the country’s top universities, to successfully develop robust security strategies and manage Safeguarding.

Listening to Heads and Bursars, Teachers, Students and Parents, we designed a portfolio of cybersecurity services specifically for schools. Infosec Partners helps schools understand the new threats facing them and teaches them how to take control of information and security, staying compliant, managing budgets and risks.

Copyright © Infosec Partners Group 2004 - 2018. All rights reserved     -     CALL : 0845 257 5903 or +44 (0)1256 893662     -     EMAIL : enquiries@infosecpartners.com