Supporting the RPA
The DfE's Risk Protection Arrangement can be a great alternative to commercial insurance, particularly if you are interested in protection against cyber attacks and risks.
However, did you know that you may not be covered if you do not meet the minimum requirements? Below we break these down and highlight how LGfL can support you.
- Standard 1 - Backups
- Standard 2 - Training
- Standard 3 - Police CyberAlarm
- Standard 4 - Cyber Response Plan
You should have at least 3 backup copies of important data, on at least 2 separate devices, at least 1 must be off-site
Conditions of Cover
All members must meet the Department for Education’s Cyber security standards relating to backups.
The standard states: “You should have at least 3 backup copies of important data, on at least 2 separate devices, at least 1 must be off-site.”
The Department for Education's sector Cyber team also provides the following guidance to schools: www.rpaclaimforms.co.uk/wp-content/uploads/2023/02/GDL-PLT001-Backups-for-Schools.docx
How LGfL can help
LGfL schools that are eligible can benefit from access to Gridstore, LGfL's cloud-based backup solution which meets all of the requirements for one of your backup devices. This will provide 50GB free of charge to primary and special schools and 100GB to secondary schools. This is an excellent way to protect your most critical data such as your MIS or Single Central Record.
For details about this, and how to get more storage please check here.
What isn't covered by LGfL
You'll need to make sure you have the right backup solutions in place and that they're configured properly. If your backup uses an encryption key make sure it is in a safe place – that can be accessed if you are prevented from using any IT systems.
We still hear of schools impacted by ransomware going to their backups to start recovering them, and finding that they have been encrypted or wiped. This is why it is so important to have an offsite/offline/air-gapped backup.
You will also need to check that your backups have the right servers and data included on them and that they're running effectively. It's really important to check that you can recover from your backups, this can be as simple as scheduling a reminder to restore a file once a month. Completing a test run of Disaster Recovery plans is a great way to know how effective your backup solution is, and how long it can take to recover operations.
