Schools and colleges now conduct a vast amount of business electronically. Much data is held in emails, word-processing files, spreadsheets and databases. Storing this data and ensuring its security and confidentiality is a major challenge.
The attendant risks and penalties facing many schools crystallised in April 2010 when the Information Commissioner’s Office (ICO), which oversees and enforces the Data Protection Act 1998 (DPA), introduced fines of up to £500,000 for serious data breaches.
It was not long before the ICO began doling out fines. A recent case in Leeds saw sensitive personal details about a child in care sent to the wrong person, revealing details of a criminal offence, school attendance and information about the child’s relationship with their mother. When sending internal mail, the council re-use envelopes that have been used for external mail. But in this case the external address wasn’t crossed out, and so the sensitive file was posted to someone who had nothing to do with the case. Leeds City Council were served with a monetary penalty of £95,000.
In a bid to strengthen their security processes, schools are moving towards Information Security Systems. QG Business Solutions has now developed an ISM Standard for Schools. Following the principles of ISO 27000, the QG-ISMS assists schools in protecting their confidential information.
The Service
- A QG Practitioner (CISSP, CISA or equivalent) will visit the premises and undertake an initial security audit against your school/college objectives.
- The QG Practitioner will produce a report including the actions required to comply with the QG Information Security Standard.
- Actions will be implemented by the client in accordance with the QG Practitioner's advice.
- A manual will be agreed by both parties, at which point the QG ISS logo may be used.
- A certificate of conformance will be issued to show that an Information Security Management System (ISMS) is in place to help comply with regulations.
- A QG Accredited Certification Body will audit the documented system on an annual basis.