RPA Cyber Security Insurance
Free RPA Cyber Insurance – Are You Eligible?
Many of our schools are enrolled with the DfE’s Risk Protection Arrangement (RPA) for insurance cover. This cover has recently been extended to provide cyber insurance, but only should schools meet certain prerequisites. Irrespective of being compliant for the RPA, these prerequisites are beneficial to look into and consider implementing at your school. Below we look into each of these prerequisites and how to meet them (in order of complexity/cost).
Prerequisites for RPA Cyber Insurance Eligibility
Register with Police Cyber Alarm
The base requirement for this control is just to register with the police “Cyber Alarm” service. It should be noted that this does not require the full installation of their data collection tool on your network unless you are fully comfortable with the security and data protection implications of that additional step.
Have a Cyber Response Plan in Place
Pending any existing compliance with this control, the RPA provides a template response plan on the members portal which you can utilise and tailor to your own purposes. Schools signed up to Partnership Education’s Silver or Gold level Cyber Support packages will have access to a personally tailored response plan and procedure, along with a range of other templated, best practice security policies.
Have Completed NCSC Training for all Employees and Governors
This requirement presents a logistical challenge as much as anything. The NCSC provides a pre-built slide deck with matching YouTube video of its latest education specific cyber training. To meet this requirement, you must ensure all staff (and governors) have been shown this training. Additionally, you will need to keep a documented, auditable record of all of this training
Have Offline Backups
Unless you have already focused on backup and implemented a “3-2-1” based system, this is likely to represent the most work/cost to implement. Having compliant, offline backups involves having some form of backup which is kept separate from your live environment and only connected while backups are being run. The most common solution for this is to implement a cloud-based backup solution, although there are some more manual, but cost effective ways of dealing with this. If you are unsure if you have offline backups, please speak with your Partnership Education Account Manager or local Technician.
Subject to getting all of the above items in place we would recommend liaising with the RPA to confirm your eligibility, enrolment and in particular the dates from which you will be covered. Speak with your PEL account manager if you are unsure about meeting any of these requirements.