The Department for Education (DfE) is changing its IT security requirements to improve resilience against cyber threats in the education sector. The Cyber Essentials (CE) certification will replace the IT health check as the mandatory framework for colleges and special post-16 institutions (SPIs) for the 2024/2025 funding year. You will need to demonstrate compliance with CE standards by the end of the educational year in July 2025 to be eligible for funding.
The Cyber Essentials scheme requirements and question set are reviewed and updated regularly by a team of experts from IASME to keep the controls effective against common cyberattacks. IASME has created some guidance to help organisations in the education sector understand their position on Cyber Essentials compliance: Education - Cyber Essentials Knowledge Hub
Benefits of the Cyber Essentials certification
The good news is that CE is a less costly and time-consuming certification to achieve than the current annual IT health check framework, so it will be easier for educational institutions to achieve compliance, while simultaneously improving their security position.
Some of the benefits of the framework include:
- Protection against cyberattacks: Implementing the framework can help prevent around 80% of common cyberattacks. This is crucial for safeguarding your organisation from basic threats that many attackers exploit. By following the CE guidelines, educational institutions can streamline their cybersecurity processes, leading to increased operational efficiency.
- Enhanced reputation, trust and credibility: Achieving certification demonstrates your commitment to cybersecurity and shows your institution to be a responsible leader in safeguarding data and, therefore, your students.
- Compliance with regulations: Stay ahead of new cyber security risks by assessing your systems against a recognised framework each year. The scheme provides a straightforward framework for assessing and continuously improving your cybersecurity posture, making it easier to identify and address new vulnerabilities.
How PGI can help you prepare
Making the necessary changes to meet the new Cyber Essentials requirements will be a challenge for many educational institutions. Achieving certification is crucial to safeguard sensitive data, maintain trust and meet regulatory expectations, but it doesn’t have to be another tedious checkbox exercise! You can make the most of PGI’s human-led approach and tailored support to simplify the process and implement the necessary controls to maintain compliance.
Read more about the Cyber Essentials and Cyber Essentials Plus schemes.
If you would like extra support, our consultancy service offering includes:
- Remote support or full consultancy service: We prioritise a human-led approach, which means we provide a tailored service to all of our clients to suit their individual requirements. We offer a remote support service, or for those who need more in-depth guidance, a full CE consultancy service to help our clients both achieve certification and maintain compliance.
- Scoping and preparation: We can work with you to define the scope of your CE certification, ensuring all relevant systems are included and nothing critical is overlooked.
- Identifying key vulnerabilities: We can help you pinpoint potential weak spots in your current setup and provide strategic advice to address them effectively.
- Infrastructure adjustments: If there are areas that don’t meet CE requirements—such as an outdated Windows server—we can provide actionable recommendations to bring your systems into compliance. Our team can also advise on how to apply controls in complex environments.
- Evidence review and guidance: Our experts can help you gather the necessary evidence, walk you through the requirements, and prepare for the assessment process.
- Answer validation: After you’ve prepared your submission, we can review and assess your answers to identify any gaps or vulnerabilities.
Whether you choose our remote support service or an in-depth consultancy, our goal is to ensure you meet all requirements and can manage your controls with confidence.
Get in touch with us today to see how we can help you achieve and maintain Cyber Essentials compliance.