Security and Risk Assessment
With the changes to the Privacy Act (December 2020) and the growing cybersecurity risks, it is essential that schools and Boards understand their obligations and are aware of any privacy or security risks in their schools.
The minimum a school needs is a documented security and risk assessment plan that articulates the risks and what actions the school will take to safeguard staff, data, student privacy, etc. Actions may include policy enforcement, training, technology changes, or acknowledging that the school is aware of the risks.
CES can help
We understand that to many this will be daunting and an unfamiliar topic. To help we can provide independent advice and guidance to assist schools. We have partnered with Digital Journey to provide this specialist guidance.
We have two options to assist:
Option 1: Privacy and Security Risk Assessment
An independent review on the privacy and security practices in place at the School. This includes assessing:
- Vendor and student data privacy
- Password management
- Networking access
- Policy provision
- Staff awareness on threats and protecting IT assets
Assessment is based on ISO 27002 security standard but modified for schools.
A report will be produced following the assessment (with no tech jargon) that provides a traffic-light assessment on key risks and what you can do to reduce these risks. This can be presented to your Board and serve as a clear plan for the school to follow.
Option 2: Online Privacy Controls
Alternatively one of the biggest areas we see schools
struggle with is maintaining privacy online. We can help here by
completing an online review on how the school is sharing information (like on
Facebook) and maintaining student privacy across communications channels, search results, and websites. This includes an online website vulnerability
assessment to provide reassurance that your school site and data are
Digital Journey's Expertise
Digital Journey has two staff who have extensive Privacy and Cyber Security experience. Stuart is a certified security consultant, with 20 years of experience and has worked for Xero and government agencies on cybersecurity projects. Stuart has provided pragmatic advice to schools on how to improve their privacy and cybersecurity protection.
Lou is Digital Journey's privacy expert on online services and social media.
We have negotiated a special cost to provide these services. The costs are:
- Privacy and Security Assessment - ranges from $2500 to $3500 per school. Including an on-site (when possible) assessment and report.
- Online Privacy Review - $1500, including an online review and report on recommendations.
Feel free to Contact Wayne or Stuart for more information:
Wayne at firstname.lastname@example.org
Stuart at email@example.com