ISO 27001: an education


Big changes ahead

With the new academic year come some big changes for the education sector. If you didn’t know already, the security and department policies in some of the 2019–2020 contracts for Conditions of Funding for Colleges and HEI, and ITP Contract for Services, now require the following:

“The college will have achieved, and be able to maintain, independent certification to ISO/IEC 27001.”

Certification shocker

If the responsibility for certification rests with you, you might be a little surprised: this is a brand-new requirement you probably weren’t expecting. But don’t panic! Certification is not as scary as it sounds, especially with QMS by your side.

First, let’s answer a few questions:

1. What is ISO 27001?

ISO 27001 is the world’s most widely recognised Information Security Standard.

The risk of a cyber-attack is real, and you need to be ready. Your staff and students rely on IT infrastructure to store personal data, to share lesson plans and course materials, and to communicate efficiently. Could your HEI or college continue to operate if a malware attack or hack happened?

ISO 27001 is all about ensuring data security, protecting client confidentiality, and managing the availability of sensitive information within your organisation.

2. What does certification mean?

Certification is confirmation of compliance. Compliance means your institution has met a specific set of requirements around the systems and controls you put in place to protect your organisation from cyber-attacks and other data threats, not to mention avoiding disruption, reputational damage, and exorbitant costs.

In fact, you probably meet most of the ISO 27001 Standard’s criteria already, as your previous contracts required you to put adequate security arrangements in place that met similar levels of best practice. Certification is just a way of formalising it.

It covers applicable permissions and access to your IT infrastructure, vital when you consider the number of staff and students using it, and the physical security of your premises, a significant risk factor for large, sprawling campuses.

3. How do we get certified?

It is recommended that you approach a consultant/certification body, like QMS, to assess whether your existing processes and procedures satisfy the requirements of the Standard, before making any further changes/improvements. With QMS, the process of certification is very straightforward. Our expert consultants work with you, making only the necessary improvements to ensure you meet certification standards.

We can even create a bespoke Information Security Management System (ISMS) for your organisation, saving you time and money. Our comprehensive service also includes an annual audit to make sure you stay on track after certification and verify your compliance, so you can keep displaying your ISO certificates and badges to interested parties.

4. What are the key benefits?

Contractual obligations aside, certification is a huge plus for your establishment.

It’s the perfect opportunity to review your existing information security policies. It also shows you’re committed to ensuring the required controls are in place and are being continually improved. You can also demonstrate that you’re taking precautions to protect the data you process from unlawful access, corruption, and theft.

From pupils and parents to staff and suppliers, ISO 27001 proves to everyone you take security seriously and that you’re doing everything you can to minimise risk and protect their data.

5. Next steps

Check your contract to see if this applies to your organisation, and start the journey to certification today, setting the standard for the new academic year.

Find out more about ISO 27001, your obligations, and the implementation process


About the author

  • Name:

    Maxine Green

  • Company:

    Digital Marketing Manager

  • Bio:

    Maxine has worked for QMS since 2018, and is focused on providing informational content that will help businesses to grow and develop.

