If you’ve been following the story so far, you’ll know that Becta have published new guidelines for Information Security in schools. It has happened in a few stages, with the detailed information finally being published in the autumn. This included information on the various protection levels that applied to information, and some practical advice on what to do next *.
The reason I haven’t blogged about this for a little while is that I was waiting for the final piece of the jigsaw – a specific table of which data in a school MIS system needed to be protected at which levels of security. This is important because some of the data is purportedly so sensitive, it needs extra protection within the school and has very limited circumstances when it can be used outside of the school (for example, it may not be permitted for a staff member to access it from their school laptop across a VPN link). Until the list is published, it’s difficult to give specific advice other than the general advice such as fully encrypt your staff laptops, ensure staff don’t copy student MIS data onto a memory stick etc
That list was due for publication in December, but was delayed until the end of January, and now I’ve just learnt (via this thread on the Becta Collaboration site) that it’s not going to be out until the end of March. And it also says here that the guidance will be brought into line with the central government guidance on Information Security. So some changes afoot.
Until then, keep an eye on the core guidance from the Becta reports:
Becta are encouraging people to join their online discussion community here, and if you’re responsible for information security in your school, it’s worth keeping an eye on.
Of course, I’ll keep you updated via this blog as new information is published.
Footnote: The practical advice included implementation instructions for a encryption system which is not UK Govt approved, and some images showing changes to MIS screens that came as a surprise to the MIS providers themselves!