Get educated in ISO 27001 – Higher standards for higher education


University challenged

If you think your organisation’s cyber security is missing the mark, then you’re not alone. In a 2019 experiment conducted by Jisc, a university and research centre digital services agency, security testers were able to breach the systems of 50 UK universities in under two hours, accessing personal data of students and staff, research networks, and finance systems.

Fortunately, Jisc was not trying to steal data, just prove a point: dwindling budgets and limited resources mean that certain higher educational establishments are cyber sitting ducks. Confidentiality might be taken seriously, but digital security spending has been seriously lacking, and these institutions will suffer serious damage as a result.

Something phishy

Jisc’s head of security operations centre, John Chapman, said the experiment proved how vulnerable universities were to spear phishing – highly targeted malware emails, which are sent to senior personnel, encouraging them to click a link or download an attachment.

“We are not confident that all UK universities are equipped with adequate cyber-security knowledge, skills and investment,” said Chapman. With the increasing sophistication of these attacks, he warned of a looming disastrous data breach, saying: “Universities can’t afford to stand still in the face of this constantly evolving threat.”

Legal obligations, digital dilemma

In the perfect storm, this comes at a time when ISO 27001 – the most widely recognised standard for Information Security – is now a statutory requirement for all colleges and HEIs, and it’s worth schools considering too. At last, the sector must get those ducks in a row and meet the standards required for cyber protection.

For those who don’t act, a malware attack might mean their organisation could no longer operate – IT infrastructure is vital to the day-to-day running of any college or university, from communications to lesson plans, personal data to course material.

Start the process to certification today

Let our ISO management system and certification experts help you to become certified to ISO 27001. We assess if your existing processes satisfy the requirements and help you make any necessary changes to achieve compliance, helping you to ensure data security, protect confidentiality and effectively manage sensitive information.

Make sure your standards are up to scratch and you’ve done all you can to protect your data. From primary schools to universities, an education in ISO 27001 certification is just a phone call away.

Get in touch with our ISO experts on 0333 344 3646 or email [email protected].

Sign up to get the latest in your inbox

    • Email address

About the author

  • Name:

    Michelle Whitehouse

  • Company:

    Brand and Content Marketing Manager

  • Bio:

    Michelle joined Citation ISO Certification in 2012. Having held several different roles across the business, she uses the insight and experience gained to shape and drive the brand and content marketing strategy. Managing a small team; she ensures that the customer is at the forefront of everything we do. Delivering event programmes and communication strategies that pack value into the overarching experience for both new and existing customers, Michelle is an innovative thinker that believes in offering services that add real value to people’s lives. With a background in sales, digital marketing, content strategy and marketing communications, Michelle takes an in-depth, hands-on approach to her role within the business and is passionate about developing the relationship that exists between the brand and customers through a combination of technology and communication.


QMS International use cookies to provide you with a better site experience, enable features and to help us understand how our website is being used.

By continuing, you consent to the use of cookies in accordance with our Cookie Policy

Allow All Cookies

Allow Strictly Necessary Cookies Only