Information Security – the detailed guidelines


If you’ve been following the story so far, you’ll know that Becta have published new guidelines for Information Security in schools. It has happened in a few stages, with the detailed information finally being published in the autumn. This included information on the various protection levels that applied to information, and some practical advice on what to do next *.

The reason I haven’t blogged about this for a little while is that I was waiting for the final piece of the jigsaw – a specific table of which data in a school MIS system needed to be protected at which levels of security. This is important because some of the data is purportedly so sensitive, it needs extra protection within the school and has very limited circumstances when it can be used outside of the school (for example, it may not be permitted for a staff member to access it from their school laptop across a VPN link). Until the list is published, it’s difficult to give specific advice other than the general advice such as fully encrypt your staff laptops, ensure staff don’t copy student MIS data onto a memory stick etc

That list was due for publication in December, but was delayed until the end of January, and now I’ve just learnt (via this thread on the Becta Collaboration site) that it’s not going to be out until the end of March. And it also says here that the guidance will be brought into line with the central government guidance on Information Security. So some changes afoot.

Until then, keep an eye on the core guidance from the Becta reports:

 

Becta are encouraging people to join their online discussion community here, and if you’re responsible for information security in your school, it’s worth keeping an eye on.

Of course, I’ll keep you updated via this blog as new information is published.

Footnote: The practical advice included implementation instructions for a encryption system which is not UK Govt approved, and some images showing changes to MIS screens that came as a surprise to the MIS providers themselves!

Comments (2)

  1. John_Howarth says:

    Hi Ray,

    Many thanks for keeping track of this subject; it’s very much appreciated.

    We await the publication of the detailed guideline with bated breath. It’ll be interesting to see how right/wrong our interpretation of the initial guidance was!

    All the best,

    John.

  2. alexjones says:

    I just spoke to someone from the Becta team working on this last week. He tells me that Becta are working on some teacher friendly guidance on this issue that will be released shortly. He was very clear that the present guidance materials are entirely inappropriate for school senior management teams. So for those of your readers who want some easy to understand guidance in user friendly language, my information is that this will soon be appearing.