Information Assurance

The Department for Education (DfE) is changing its IT security requirements to improve resilience against cyber threats in the education sector. The Cyber Essentials (CE) certification will replace the IT health check as the mandatory framework for colleges and special post-16 institutions (SPIs) for the 2024/2025 funding year. You will need to demonstrate compliance with CE standards by the end of the educational year in July 2025 to be eligible for funding.
The Cyber Essentials scheme requirements and question set are reviewed and updated regularly by a team of experts from IASME to keep the controls effective to protect against common cyberattacks. IASME has created some guidance to help organisations in the education sector understand their position on Cyber Essentials compliance: Education - Cyber Essentials Knowledge Hub - Cyber Essentials Knowledge Hub
The good news is that CE is a less costly and time-consuming certification to achieve than the current annual IT health check framework, so it will be easier for educational institutions to achieve compliance, while simultaneously improving their security position.
Some of the benefits of the framework include:
Protection against cyberattacks: Implementing the framework can help prevent around 80% of common cyberattacks. This is crucial for safeguarding your organisation from basic threats that many attackers exploit. By following the CE guidelines, educational institutions can streamline their cybersecurity processes, leading to increased operational efficiency.
Enhanced reputation, trust and credibility: Achieving certification demonstrates your commitment to cybersecurity, which will showcase your institution as a responsible leader in safeguarding data, and therefore, your students.
Compliance with regulations: Always stay ahead of new cyber security risks by assessing your systems against a recognised framework each year. And the scheme provides a straightforward framework for assessing and continuously improving your cybersecurity posture, making it easier to identify and address new vulnerabilities.
Making the necessary changes to meet the new Cyber Essentials requirements will be a challenge for many educational institutions. Achieving certification is crucial to safeguard sensitive data, maintain trust and meet regulatory expectations, but it doesn’t have to be another tedious checkbox exercise! You can make the most of PGI’s human-led approach and tailored support to simplify the process and implement the necessary controls to maintain compliance.
Read more about the Cyber Essentials and Cyber Essentials Plus schemes.
If you would like extra support, our consultancy service offering includes:
Whether you choose our remote support service or an in-depth consultancy, our goal is to ensure you meet all requirements and you can manage your controls with confidence.
Get in touch with us today to see how we can help you achieve and maintain Cyber Essentials compliance.
Protection Group International (PGI) is pleased to be the Official Training Material Developer to CREST, the global not-for-profit body supporting the cyber security industry.
The Department for Education (DfE) is changing its IT security requirements to improve resilience against cyber threats in the education sector.
Rapid developments in AI have seen more companies adopting automated penetration testing to identify IT infrastructure vulnerabilities.