New Cyber Security obligations for Colleges

This summer the ESFA announced new cyber security rules that will apply to colleges and special post-16 institutions (SPIs) in England from the 2024-2025 funding year.

For the 2024 to 2025 funding year, Department for Education (DfE) is changing the requirements regarding IT security for colleges and special post-16 institutions (SPIs). 

Colleges and SPIs will now be required to achieve cyber essentials during the 2024 to 2025 funding year. The requirement to obtain an annual IT health check will be removed.

IASME, the National Cyber Security Centre’s (NCSC) cyber essentials delivery partner, has created useful guidance documents for schools which also apply to colleges.  
— ESFA

ESFA advises colleges to work with an NCSC Cyber Advisor or local certification body to smooth the journey to Cyber Essentials certification.

Cool Waters Cyber is Cornwall’s only NCSC Cyber Advisor and Cyber Essentials Certification body. Our team of cyber experts includes ex-teachers and school administrators, making us the ideal choice for your Cyber Essentials project.





Cyber Essentials Guidance for Colleges and Schools

The government-approved Cyber Essentials scheme encompasses five technical controls designed to protect organisations from the most prevalent cyber attacks. Cyber Essentials offers a clear method for raising your school’s or college’s cyber security to the minimum level recommended by the government. It serves as an effective baseline to ensure that your educational institution is adequately protected.

How does Cyber Essentials work?

Cyber Essentials is a verified self-assessment where colleges answer questions on a secure portal. A senior board member signs off, and a qualified assessor reviews the answers. Questions cover the IT network scope, staff, devices, cloud services, software, and five technical controls: access control, secure configuration, security update management, firewalls, and malware protection. This certification process helps schools and colleges understand and improve their cyber security.

How much does it cost?

The Cyber Essentials verified self-assessment questions are available for free download. The cost of certification varies depending on the size of the school or college seeking certification. For assessment purposes, your organisation includes all parts of your school and any other schools that share the same network.

The UK government defines the size of an organisation based on the number of employees. In the education sector, employees are the paid staff employed by the school or trust. Students are considered customers rather than employees in this certification process. School governors are not technically employees, but if they access business information (such as work emails) and services, they must be included when calculating the size of your organisation. Additionally, if the governors use their devices to access any school systems or data, those devices will fall within the scope of this assessment.

0-9 Employees - £320 + VAT

10-49 Employees - £440 + VAT

50-249 Employees - £500 + VAT

250+ Employees - £600 + VAT

UK-based colleges with funding under £20m that certify to Cyber Essentials and include the entire college in the assessment are eligible for cyber liability insurance with a £25,000 limit.

Getting ready for Cyber Essentials for your School

Download the Cyber Essentials self-assessment questions and Requirements for Infrastructure Document for free from the IASME website.

Decide whether you will complete the assessment questionnaire yourself or if assistance is needed to understand the questions and how they apply to your school or college. Preparing your assessment answers in advance using a working document or spreadsheet is advisable. This approach allows you to address any compliance issues that may take longer to resolve.

For professional cyber security advice, contact us - Cornwall’s only NCSC assured Cyber Advisor and licensed IASME Certification Body.

Cyber Advisors are cyber security consultants who have passed an NCSC assessment and work for an Assured Service Provider. We can assist your college in implementing basic cyber security measures and achieving Cyber Essentials certification. Our advisors have been evaluated for their ability to understand and communicate with smaller organisations to provide appropriate and practical cyber security support.
