The Department has taken steps to secure pupils’ data by introducing Cyber security standards for schools and colleges which outline what schools need to do to prevent cyber security risks, attacks and strengthen safeguarding policies.
Schools are required to meet data protection regulations and report personal data breaches. Guidance on keeping pupils safe in education sets out the requirements that schools and colleges need to meet to ensure IT systems are appropriately safeguarded from attacks.
The standards help schools understand how to protect network, data, devices and user accounts to minimise data loss, costs and safeguarding issues.
The standards state the requirement for schools to have at least 3 backup copies of important data, on at least 2 separate devices, with at least 1 off site.
The backup of important data is also a requirement for schools and colleges that sign up for cyber risk protection arrangement cover. Schools must determine which data is important to their operations, but it is likely to include personal, financial, management and network data as a minimum. The National Cyber Security Centre provides advice and guidance to help schools understand what data they must protect.