Big changes ahead
With the new academic year comes some big changes for the education sector. If you didn’t know already, the security and department policies in some of the 2019–2020 contracts for Conditions of Funding for Colleges and HEI, and ITP Contract for Services, now require the following:
“The college will have achieved, and be able to maintain, independent certification to ISO/IEC 27001.”
If the responsibility for certification rests with you, you might be a little surprised: this is a brand-new requirement you probably weren’t expecting. But don’t panic! Certification is not as scary as it sounds, especially with QMS by your side.
First, let’s answer a few questions:
1. What is ISO 27001?
ISO 27001 is the world’s most widely recognised information security standard.
The risk of a cyber-attack is real, and you need to be ready. Your staff and students rely on IT infrastructure to store personal data, to share lesson plans and course materials, and to communicate efficiently. Could your HEI or college continue to operate if a malware attack or hack happened?
ISO 27001 is all about ensuring data security, protecting client confidentiality, and managing the availability of sensitive information within your organisation.
2. What does certification mean?
Certification is confirmation of compliance. Compliance means your institution has met a specific set of requirements around the systems and controls you put in place to protect your organisation from cyber-attacks and other data threats, not to mention avoiding disruption, reputational damage, and incurring exorbitant costs.
In fact, you probably meet most of the ISO 27001 Standard’s criteria already, as your previous contracts required you to put adequate security arrangements in place that met similar levels of best practice. Certification is just a way of formalising it.
It covers the permissions and access applicable to your IT infrastructure (vital when you consider the number of staff and students using it) and the physical security of your premises (a significant risk factor for large, sprawling campuses).
3. How do we get certified?
It is recommended that you approach a consultant/certification body, like QMS, to assess whether your existing processes and procedures satisfy the requirements of the Standard, before making any further changes/improvements. With QMS, the process of certification is very straightforward. Our expert consultants work with you, making only the necessary improvements to ensure you meet certification standards.
We can even create a bespoke Information Security Management System (ISMS) for your organisation, saving you time and money. Our comprehensive service also includes an annual audit to make sure you stay on track after certification and verify your compliance, so you can keep displaying your ISO certificates and badges to interested parties.
4. What are the key benefits?
Contractual obligations aside, certification is a huge plus for your establishment.
It’s the perfect opportunity to review your existing information security policies. It also shows you’re committed to ensuring the required controls are in place, and being continually improved. You can also demonstrate that you’re taking precautions to protect the data you process from unlawful access, corruption, and theft.
From pupils and parents to staff and suppliers, ISO 27001 proves to everyone you take security seriously and that you’re doing everything you can to minimise risk and protect their data.
5. Next steps
Check your contract to see if this applies to your organisation, and start the journey to certification today, setting the standard for the new academic year.
Find out more about ISO 27001, your obligations, and the implementation process