At a CES event on privacy, Kathryn Dalziel a privacy expert referred to the importance of privacy and cybersecurity as that bestowed to health and fafety.
With the changes to the Privacy Act (December 2020) and the growing cybersecurity risks, schools and Boards must understand their obligations and be aware of any privacy or security risks in their schools.
The minimum a school needs is a documented security and risk assessment plan that articulates the risks and what actions the school will take to safeguard staff, data, student privacy, etc. Actions may include policy enforcement, training, technology changes, or acknowledging that the school is aware of the risks.
CES can help
We understand that to many this will be a daunting and unfamiliar topic. To help we can provide independent advice and guidance to assist schools. We have partnered with Digital Journey to provide this specialist guidance.
We have two options to assist:
Option 1: Privacy and Security Risk Assessment
An independent review of the privacy and security practices in place at the School. This includes assessing:
- Vendor and student data privacy
- Password management
- Networking access
- Policy provision
- Staff awareness of threats and protecting IT assets
Assessment is based on ISO 27002 security standard but modified for schools.
A report will be produced following the assessment (with no tech jargon) that provides a traffic-light assessment of key risks and what you can do to reduce these risks. This can be presented to your Board and serve as a clear plan for the school to follow.
Option 2: Online Privacy Controls
Alternatively one of the biggest areas we see schools struggle with is maintaining privacy online. We can help here by completing an online review on how the school is sharing information (like on Facebook) and maintaining student privacy across communications channels, search results, and websites. This includes an online website vulnerability assessment to provide reassurance that your school site and data are safe.
Digital Journey’s Expertise
Digital Journey has two staff who have extensive Privacy and Cyber Security experience. Stuart is a certified security consultant, with 20 years of experience and has worked for Xero and government agencies on cybersecurity projects. Stuart has provided pragmatic advice to schools on how to improve their privacy and cybersecurity protection.
Cost
We have negotiated a special cost to provide these services. The costs are:
- Privacy and Security Assessment – ranges from $2500 to $3500 per school. Including an on-site (when possible) assessment and report.
- Online Privacy Review – $1500, including an online review and report on recommendations.
Interested?
Feel free to contact Wayne or Stuart for more information:
???? Wayne at wayne@cessl.org.nz
???? Stuart at stuart@digitaljourney.org