Requirement for ISO 27001 in Colleges and HEIs

The 2019-2020 Conditions of Funding for Colleges and HEIs, and the ITP Contract for Services, both set out the following information security requirement:

“The college will have achieved, and be able to maintain, independent certification to ISO/IEC 27001.”

What is ISO 27001?

ISO/IEC 27001 is the most widely recognised international standard for information security management. Every organisation is exposed to cyber-attack, and you need to be prepared. If your college or HEI relies on its IT infrastructure to store personal data, share lesson plans and course material, and communicate with staff and students, a successful malware attack or intrusion could stop it operating altogether.

ISO 27001 describes how to run an information security management system (ISMS): a set of policies, processes and controls that protect the confidentiality, integrity and availability of the information you hold, including the personal data of the students, staff and others you hold it for.

What does certification mean?

Achieving certification is independent confirmation of compliance. Compliance means you have met a specific set of requirements. For ISO 27001, those requirements concern the management system and controls you put in place to protect your organisation from cyber-attacks and other threats to its data, so that you avoid disruption, reputational damage and unnecessary cost.

Chances are, you already meet most of the ISO 27001 Standard's criteria: your previous contract required you to put proper security arrangements in place, and those arrangements reflect similar levels of best practice. Certification formalises them, with one addition worth planning for: an independent certification body audits your ISMS before issuing the certificate and then returns for surveillance audits, so the contract's wording about being able to maintain certification means keeping the controls operating and evidenced, not just passing once.

Among its controls, the Standard covers access control (which people and systems are permitted to reach which parts of your IT infrastructure) and physical and environmental security. Both matter a great deal when you consider how many people use your systems and how open your premises are; on a large campus, physical access is a significant risk factor in its own right.

How do I become certified?

It's recommended that you start by approaching a consultant or certification body for a gap analysis, to assess whether your existing processes and procedures satisfy the requirements of the Standard, before making any changes or improvements. As part of the Citation group, EPM can offer its clients straightforward ISO 27001 certification. The expert consultants within the Citation group will work with you, making only the improvements needed to meet the Standard. Note that the contract asks for independent certification: the consultants who help you build and improve your ISMS cannot also be the body that certifies it, so the final audit and certificate come from a separate, accredited certification body.

What are the key benefits?

Regardless of any contractual obligations, certification has huge benefits for your establishment.

It's the perfect opportunity to review your existing information security policies. It also demonstrates your commitment to ensuring the required controls are not only in place but are being continually improved. Finally, it shows that you are taking precautions to protect the data you process from unlawful access, corruption and theft.

From students and their families to staff and suppliers, ISO 27001 proves to everyone that you take security seriously and that you are doing everything in your power to minimise risk and protect their data.

Next steps

Whether you fall into the category of those with contractual obligations, or not, start your certification journey today and set the standard for the new academic year.

To speak to an advisor, fill out the contact form and we'll get back to you. Or call us directly on 0345 241 5250.
