Secure Broadband:      Get connected with LGfL     Safeguarding Offer:      Apply for Monitoring

Supporting the RPA

The DfE's Risk Protection Arrangement can be a great alternative to commercial insurance, particularly if you are interested in protection against cyber attacks and risks.

However, did you know that you may not be covered if you do not meet the minimum requirements? Below we break these down and highlight how LGfL can support you.

    You should have at least 3 backup copies of important data, on at least 2 separate devices, at least 1 must be off-site

    Conditions of Cover

    All members must meet the Department for Education’s Cyber security standards relating to backups.

    The standard states: “You should have at least 3 backup copies of important data, on at least 2 separate devices, at least 1 must be off-site.”

    The Department for Education's sector Cyber team also provides the following guidance to schools: www.rpaclaimforms.co.uk/wp-content/uploads/2023/02/GDL-PLT001-Backups-for-Schools.docx

    How LGfL can help

    LGfL schools that are eligible can benefit from access to Gridstore, LGfL's cloud-based backup solution which meets all of the requirements for one of your backup devices. This will provide 50GB free of charge to primary and special schools and 100GB to secondary schools. This is an excellent way to protect your most critical data such as your MIS or Single Central Record. 
    For details about this, and how to get more storage please check here.

     

    What isn't covered by LGfL

    You'll need to make sure you have the right backup solutions in place and that they're configured properly. If your backup uses an encryption key make sure it is in a safe place – that can be accessed if you are prevented from using any IT systems.
    We still hear of schools impacted by ransomware going to their backups to start recovering them, and finding that they have been encrypted or wiped. This is why it is so important to have an offsite/offline/air-gapped backup.
    You will also need to check that your backups have the right servers and data included on them and that they're running effectively. It's really important to check that you can recover from your backups, this can be as simple as scheduling a reminder to restore a file once a month. Completing a test run of Disaster Recovery plans is a great way to know how effective your backup solution is, and how long it can take to recover operations.

    National Cyber Security Centre (NCSC) training

    Conditions of Cover

    All Employees or Governors who have access to the Member’s information technology system must undertake NCSC training annually. In the event of a claim, the Member will be required to evidence that any Employee or Governor involved in the claim has undertaken the NCSC training. NCSC training to be completed by the start of the Membership Year: https://www.ncsc.gov.uk/information/cyber-security-training-schools

    How LGfL can help

    LGfL deliver the NCSC’s Cybersecurity Training for School Staff which covers this requirement. This can be used and as an introduction to the course, with the opportunity to ask our experts any questions you may have. You can book here.


    This should empower you to then use the NCSC's training material to deliver the same course to all your staff. Further details about the training and resources you can download are available here.

    All Members must register with Police CyberAlarm

    Conditions of Cover

    Registering will connect Members with their local police cyber protect team and in the majority of cases, a cyber-alarm software tool can be installed for free to monitor cyber activity. Where installed the tool will record traffic on the network without risk to personal data. https://www.cyberalarm.police.uk

    How LGfL can help

    Once you have registered for Police CyberAlarm if you want to setup the CyberAlarm Collector we're here to help. Once you have installed the Collector raise a Support Case and we'll work with you to ensure that your firewall is forwarding the relevant traffic.

    Cyber Response Plan

    Conditions of Cover

    All Members must have a Cyber Response Plan in place. A template is available on the RPA Risk Management portal. 

    How LGfL can help

    LGfL have a template Incident Response Plan available in the Elevate Cyber ecurity Toolkit for Schools that can be used as a basis for you a business continuity or disaster recovery plan. The kit also includes templates asset registers that can help with the school's financial value standard.

    What isn't covered by LGfL

    Don’t forget to store your backup encryption keys in a location that is accessible in the event of a total system failure.
    We would recommend that you complete one of the NCSC’s Exercises in a Box to test how effective your cyber response plans are.

    Save more than you spend and keep children safe

    © Copyright LGfL  >  Privacy Notice and Policies  >  Accessibility

    Registered Address: ​9th Floor, 10 Exchange Square, Primrose Street, London, EC2A 2BR. London Grid for Learning Trust - a charity whose mission is the advancement of Education. A company limited by guarantee registered in England no 4205579 Reg charity no 1090412.