This will be particularly helpful for further education providers, for which Cyber Essentials Plus will be become an Education and Skills Funding Agency requirement for the 2021/22 academic year.
Cyber Essentials is already mandatory for this year (2020/21) and is also necessary when applying for certain government contracts that involve handling sensitive and personal information, for example providing education in prisons.
This self-assessment option evaluates protection against the most common cyber attacks and gives confidence to staff, students, suppliers and customers that the cyber basics are in place.
Gaining Cyber Essentials Plus is a step up the cyber defense ladder and requires a hands-on technical assessment. However, because of the pandemic, arrangements can be made to carry out tests remotely.
Gaining these certificates, which cover firewalls and internet gateways, configuration, patching, access control and malware protection, policies and processes, serves to enhance education providers’ reputations as solid businesses, as Jonathan Wilson at Milton Keynes College can testify. The head of information services for the college says:
“We have contracts with other external organisations and apprenticeship employers, all of which are very interested in the security we have in place.
“We discovered that having these security ‘badges’ was very useful in giving us an advantage in the marketplace.”
Jisc’s Cyber Essentials service manager, Tracy Matthews, says:
“As a certifying body, Jisc will assist universities and colleges complete the Cyber Essentials questionnaire, giving unique insight, advice and guidance along the way. We can also help with the annual renewal process, too.
“It’s also worth noting that organisations with a sufficiently advanced security posture and have confidence in their answers may wish to do Cyber Essentials basic and Cyber Essentials Plus at the same time, in one single engagement.”
Implementing cyber security and information security certificates will be among subjects covered at the Jisc security conference 2020, 3-5 November 2020. This year it will focus on ‘building a cyber aware culture together’ and the programme has been expanded to include sessions for all staff members - from network and security specialists, to teaching and learning practitioners.