As the trusted partner for over 200 schools worldwide, 9ine has helped many organisations assess their systems and services for security weaknesses that, if left unsecured, could have led to a network compromise.
Organisations are under increasing pressure from regulatory updates, changes in compliance laws and employee expectations to ensure that the data they process is held securely. Failure to do so can result in regulatory fines, a loss of new business ...
Many organisations will have had to modify existing solutions and services or install and commission new systems and services to facilitate remote working. Whether the chosen solutions were expanded, modified or brand new, your organisation needs to ...
Most schools have tried their hand at variations of distance learning, from delivering lessons via virtual learning environments (VLEs) to presenting school assemblies via video conferencing platforms such as Zoom. Data Privacy and safeguarding ...
One day you click on a folder and a message appears on your screen, telling you that access has been denied to your files until you pay a certain sum of money for a key to unlock them. You try another folder, but the message reappears. After several ...
The National Centre for Cyber Security recently published an alert for those responsible for IT and Data Protection in education. The alert brings to light an investigation into an increase in ransomware attacks affecting the UK education sector ...
![[Latest News] Privacy Shield Invalidated - EU Ruling On EU-US Data Flow](https://www.9ine.uk.com/hubfs/Schrem_blog_header.png)
The Schrems II decision was announced earlier this week and the EU-US Privacy Shield has been declared to be inadequate.
In order to excel in your governance of data privacy and protection, it is essential that there is understanding and visibility of all personal data being processed by your organisation. You need to understand clearly who has access to it, where the ...
A core part of data privacy and protection compliance is about demonstrating accountability. This includes the ability to evidence management accountability, to demonstrate who will be assuming which responsibilities as part of an equally ...
A well-planned governance, risk and compliance (GRC) strategy comes with lots of benefits: improved decision-making, more optimal IT investments, elimination of silos, and reduced fragmentation among departments, to name a few.
Without a doubt, the most successful data protection initiatives that we have seen in the education sector are those that have had buy-in from team members across the school. This doesn’t just mean approving the necessary funds to bolster compliance ...
A good data protection program starts with good governance. Governance is the thinking behind the implementation of strategy and a key activity in any data protection initiative. Governance underpins compliance and accountability, and there are ...
![Cyber Crime in Schools [Webinar Recap]](https://www.9ine.uk.com/hubfs/Cyber%20Security%20in%20Schools.png)
In this blog we reveal some of the most common cyber threats to the education sector and explore questions such as who is committing cyber crimes, what is at stake, where the risks lie and why schools are vulnerable? We provide some simple steps ...
![[COVID-19 UPDATE] Disclosure of Predicted Grades and IB World Schools](https://www.9ine.uk.com/hubfs/IB%20Blog.png)
In the aftermath of the decision to cancel exams by the International Baccalaureate (IB), we have received a number of enquiries from IB World Schools about the disclosure of predicted grades to their students ahead of final moderation by the IB.
With the COVID-19 situation forcing global school closures, schools have hastily introduced new platforms to continue delivering lessons. When it comes to video conferencing, the most popular choice has been US based company, Zoom. With growing ...
![[COVID-19 UPDATE] FAQs: Data Protection for School Counselling and Health](https://www.9ine.uk.com/hubfs/Blog-health-and-safeguarding.png)
When reporting COVID-19 confirmed cases, how can we ensure we meet the requirements of the GDPR? Can online school counselling sessions be recorded? Find out in our latest blog written by 9ine's Senior Data Protection Consultant, Judith Downing.
![[COVID-19 UPDATE] FAQs: Video Conferencing, Remote Learning and Data Protection](https://www.9ine.uk.com/hubfs/Blog-remote-learning--FAQs.png)
With the rush to implement video platforms that profess to offer safe and secure remote learning, we have compiled a list of frequently asked questions that we've received from schools worldwide, to help guide your decision making and governance.
![[COVID-19 UPDATE] Assessing and Deploying New Software Platforms](https://www.9ine.uk.com/hubfs/Blog-Processor-Assessment.png)
In our previous blog, Data Protection Guidelines for Remote Working and Data Sharing, we published some simple steps to help you identify the risks and mitigating actions of remote working and data sharing. In this blog we share an essential Data ...
It has been reported that a suspicious email is currently being sent to an education sector association. An attacker is contacting individuals and purporting to represent the association.
![[COVID-19 UPDATE] Supporting School Business Continuity](https://www.9ine.uk.com/hubfs/Blog--BCP-2-vision.png)
School IT systems are like buildings. If you are constructing a building from the ground up you would develop plans, specifications, an operations manual and ‘as-built’ drawings. This governance gives confidence that should something happen to the ...
![[COVID-19 UPDATE] Data Protection Guidelines for Remote Working and Data Sharing](https://www.9ine.uk.com/hubfs/Blog-remote-learning-data-protection.png)
In the current climate, it is important that schools do not use data protection regulations to discourage remote working or data sharing data, but instead, sensibly evaluate the impact of these processing activities, taking into account the risks to ...
Over the last two years, we have spent hundreds of hours working with individuals and departments mapping data processes in line with data protection compliance (EU GDPR Art.30). These data mapping exercises have highlighted many technical and ...
9ine are supporting schools around the world in the eventuality that they are required to provide school services remotely as a result of the outbreak of COVID-19. To assist you in planning the transition to remote learning we've created a useful, ...
Q. I work for an international school in China and I want to recruit a teacher from the UK with British curriculum criteria, does the GDPR apply?
Last week US Senator Kirsten Gillibrand (D-NY) published a bill which, if passed, would create a US federal data protection agency designed to protect the privacy of Americans and with the authority to enforce data practices across the country. The ...
A data breach is a very different type of crisis to others that you may encounter in your school and is likely to occur where a security incident leads to an interference of personal data. A data breach has its own set of common characteristics. ...
![[Updated] Six Key Areas to Help Schools Prepare for Brexit](https://www.9ine.uk.com/hubfs/9ine_Blog_Social_Bexit%281%29.png)
During a recent 9ine webinar for international and UK school leaders, we shared an overview of what schools need to know in order to prepare for Brexit. During the webinar we shared an opinion poll with our audience. The majority of our listeners ...
Each month Heidi-Anne O'Neill, 9ine's in-house Data Protection Solicitor shares a frequently asked question to assist school leaders in solving problems and developing best practices in data protection and cyber security.
Technology is transformative. In 2020 schools and universities worldwide are dependent on the IT infrastructure that supports them. As schools embrace mobility, collaboration and cloud services, technology evolves beyond a purely IT consideration to ...
Providing staff with the privilege of access to data when working remotely is standard practice across schools. Staff will often access the school network during a break at a conference facility, while working in a cafe, hotel lobby, or while using ...
In this seventh blog in the series which builds upon every stage of the NCSC's 10 Steps to Cyber Security, we look at Event Log Monitoring. In our previous blog, User Privileges, Passwords and the Human Firewall, we outlined how good user management ...
In this sixth blog in the series we look at User Privileges, following the guidance from the UK National Cyber Security Centre (NCSC). We explore how schools can reduce the likelihood and impact of a cyber attack through effective use of user ...
To comply with section 6.9 - 6.12 of the Academies Financial Handbook, Multi-Academy Trusts (MATs) must be aware of the risk of fraud, theft and irregularity. Cyber security is specifically referenced by the Education & Skills Funding Agency (ESFA) ...
Cyber Security Guidance from the Charity Commission
Cyber Security: Incident Management - Improving Resilience and Supporting School Business Continuity
In this fifth blog in the series, we look at Incident Management, following the guidance from the UK National Cyber Security Centre (NCSC). We explore how schools can ensure that with well structured, clearly written incident plans and procedures, ...
Should we be using WhatsApp for Internal Communication in Schools? Carrier pigeon, telegram, fax, post-it note, email...methods of communication have changed considerably over time and alongside advances in technology. The rise of the smartphone and ...
Have you ever been asked, "how secure is our cloud platform?" or, "how can we minimise the risk of a data breach in our cloud apps?”
In this fourth blog in the series, we look at Malware Prevention, following the guidance from the UK National Cyber Security Centre (NCSC). We explore how schools can ensure that the appropriate technical and organisational measures are in place ...
KEY CHANGES WILL BE IMPLEMENTED THIS YEAR WITHIN CIS’ REVISED INTERNATIONAL ACCREDITATION PROTOCOL Over the past year there have been significant developments to international data protection law. Many of our schools have been confused as to what ...
In this third blog in the series, we look at user awareness. We explore how schools can implement technical and organisational measures to protect further the confidentiality, integrity and availability of information and information systems. With ...
Due to the success of 9ine’s data protection research at the start of the year and the cyber findings uncovered during the analysis, we are currently conducting further global research specifically into the state of cyber security within schools. ...
In this blog, the second in the series, we look at Network Security, following the guidance from the UK National Cyber Security Centre (NCSC). We explore how schools can implement technical and organisational changes in order to further protect the ...
The following is the first in a series of blogs where 9ine explores how schools can implement technical and organisational changes to protect the confidentiality, integrity and availability of your information and information systems. We will be ...
Schools need to be prepared and ready for a no-deal Brexit The EDPB has just published adopted (12th February 2019) guidance on the requirements on organisations processing personal and sensitive data to and from the UK.
How is A Vulnerability Assessment achieved? In our last blog, “How to secure is your school from Cyber attacks?” we outlined that schools need to move from defensive to offensive measures against cyber attacks, and the first step listed was to ...
Do you know who holds your personal information? How reassured do you feel that your information is being managed in line with the General Data Protection Regulation (GDPR) principles underpinning your national data protection laws? Are you ...
In the headlines... Since the beginning of 2018 and through to the lead up of the updated data protection regulations [GDPR] in May 2018, one of the subjects dominating the news is the number of companies losing data, more often than not through ...
The General Data Protection Regulation (GDPR) forms part of the data protection regime in a number of European countries through their national statute. In the UK, this is reflected in the revised 2018 Data Protection Act (DPA 2018). What we are ...
The UK’s National Cyber Security Centre (NCSC) has published a report created by the collaborative research efforts of the cyber security authorities from Australia, Canada, New Zealand, the UK and the USA. The purpose of the report is to support ...
The ESFA Academies Financial Handbook (AFH) cosigns a range of difficult obligations for trusts to comply with. Included within Section 2.2, is the need for trusts to establish robust control frameworks whilst having sound internal control, risk ...
Would you recommend 9ine’s training to a colleague or person involved with data protection within education?
Data protection law is changing on a global scale. Initiated in part by the General Data Protection Regulation (GDPR) in the EU, countries across the world have adapted, changed or brought in new legislation to align their data protection ...
Within the working world, changing data protection law has placed legal obligations upon the management of employees’ personal data - including the set-up, configuration and management of the IT devices, systems and services.
Whichever sector you operate in, new data protection law makes it a legal requirement that you assess the risks to your IT systems and services. Your journey to compliance should therefore start with a thorough assessment of your current IT and data ...
Data Protection Headache? Breach Nightmares? Manage Your GDPR Journey with 9ine's Compliance Toolkit
When it comes to data protection compliance, one of our most frequent requests is, “how can I keep track of the many projects related to the GDPR.” Managing the road to compliance is a headache for even the most organised Project Managers tasked ...
Continued professional development (CPD) refers to the regular enhancement of knowledge and learning abilities, which professionals should seek to ensure a high level of competency and progression within their career. CPD can be a record of gained ...
In May 2018, the Information Commissioner's Office (the UK data protection supervisory authority) published guidance on the completion of data protection impact assessments (DPIAs). The guidance is nothing new; it summarises the European Data ...
The recent revised and adopted guidelines on personal data breach notification under the GDPR have been published. These guidelines set out examples of what a personal data breach is and the actions expected of data controllers and processors. This ...
The GDPR principle of ‘accountability’ requires schools to demonstrate compliance with the regulation. Within this update we discuss what this means in practice. For more information on how we can support your school, see our DPO Essentials Service ...
A former IT Manager at a school in Surrey has been found guilty of seven offences including fraud, cyber-crime and burglary following discoveries made by 9ine Consulting in an IT audit and assurance review. 9ine were commissioned in January of 2016 ...
The GDPR makes it a requirement for all public authorities (state funded schools) to have a designated Data Protection Officer (DPO). All other types of school must document and undertake an internal analysis to determine whether a DPO needs ...
Education organisations are facing a challenge to understand how changes to recent data protection law has changed their auditing and compliance obligations. The GDPR brought with it a range of accountabilities in areas such as risk management, ...
After months of waiting, the GDPR is recognised into law across the EU. Within the UK this was through the Data Protection Act 2018 and in countries across the EU, through similar legislation. In countries outside the EU, the obligations of the GDPR ...
The Information Commissioner's Office (the UK data protection supervisory authority) last week published its Regulatory Action Policy. The policy has been created to provide direction and focus for those they regulate, specifically the action that ...
There is confusion in regard to the appoint of a Data Protection Officer (DPO), their responsibilities, the Data Controller's responsibility to the DPO, and also whether those obligations dissipate if a DPO isn't legally required. This article ...
In preparation for the GDPR, organisations need to take certain steps to demonstrate they are taking the regulation seriously. In supporting education organisations, we have taken the guidance from the UK Supervisory Authority* and adapted it for ...
The ICO have provided a range of updates and additional guidance since the last 9ine blog. In the last few weeks they have issued a consultation document on Children and the GDPR (see below), updated guidance on the lawful basis of processing for ...
Have you been approached by a cold caller trying to sell GDPR training or claiming to be a GDPR expert?
Guidance from the Article 29 Data Protection Working Party has been issued on the approach schools should take when considering fines for data breaches and non-compliance of the GDPR.
To comply with the GDPR, you need to know when you are a Data Controller or a Data Processor and what your obligations entail. In fact, you may even be a Joint Controller.
G-Day is just six months away. As part of our ongoing guidance, here we look at Governance - one of the three main areas of GDPR, along with Data Protection and Cyber Security.
Data protection by design and default is a key feature of the General Data Protection Regulation (GDPR), which comes into force in May 2018.
When a data breach occurs, organisations must demonstrate to its supervisory authority the mechanisms they have in place to manage the GDPR. In the UK, the authority is the ICO.
The GDPR countdown is on. And, if you’re feeling confused by the endless technicalities, numerous clauses and threats of hefty fines, we’re here to cut through the noise with some plain talking.
The majority of schools will need to appoint or reaffirm the appointment of a data protection officer (DPO) to comply with the General Data Protection Regulation (GDPR). In this blog - the fifth in our comprehensive GDPR series – we explore the role ...
![GDPR in Schools: Five practical suggestions for compliance [Guide]](https://www.9ine.uk.com/hubfs/9INE_blog-header-600x300.jpg)
The GDPR is a complex subject. Not only does it contain 99 interlinked articles. To understand just one of your obligations, you often have to read multiple articles and review guidance on the ICO website.
As followers of our GDPR series will already be aware, compliance with GDPR is mandatory. (For an introductory overview, read our first GDPR article.) However, preparation takes time and is likely to be disruptive.
Your data protection obligations as a school are about to change significantly. Under the General Data Protection Regulation (GDPR) – legally enforced from May 25th, 2018 – your school is liable for fines of up to 4% of global revenue (or €20m, ...
New data protection laws are soon to be introduced which will have major implications for all schools. The EU General Data Protection Regulation (GDPR) comes into effect on May 25th 2018 and every school will have to comply or face financial ...
The recent global cyber attack affected hundreds of thousands of computers and caused widespread confusion and concern. As we reported recently, we’ve helped schools who have been hit by similar ransomware.
Cyber security is a growing issue in schools. Not only are cases of cyber crime increasing, but the regulatory framework around data protection means that schools now need to be sure that they are tackling risks associated with cyber security.
The impact of technology investment in most organisations can be measured by changes in outputs and/or revenue. But for schools, the impact of an increase in technology spending is much harder to measure. Companies can more readily justify their ...
It is hard to envisage a future in which children do not have a device with them to support their learning. Tablets are now a common sight in schools and with the rise of wearable technology in other aspects of life, it surely can’t be long before ...
9ine is engaged by schools for any number of reasons, but for the most part it’s because something has gone wrong. By the time we come in, there is normally a particular issue or system that has been singled out as the culprit to be tackled. This ...
School budgets are tight. Money is rightly prioritised towards staffing and the needs of teaching and learning, while more and more bursars and business managers try to extend the life of their ageing IT hardware. On the face of it, this is a ...
Every school is aware it has blind spots. A high number of them usually sit within the reliability and compliance of the IT provision. Senior leaders know that they don’t have complete knowledge of the status of critical processes and systems, while ...
It’s top of your list of nightmares: the IT fails and you lose all of your files, contacts and data. All student work is gone, nobody can log in to a computer, communication breaks down and the school grinds to a halt. Through the panic, you ...
Schools are bigger than they look. Anybody who teaches or works at a school knows that it is a community, representing and working alongside a wide range of other groups and individuals located outside its four walls. Being at the heart of this ...
Think of how you work with your school computer(s) and ask yourself the following questions: Does it seem like there is more than one system that does the same thing at your school? Are you teaching lessons with PowerPoints from years ago, stored in ...
The EFA Financial Handbook has been updated and it’s a thrilling read! There are some interesting changes that MATs and Academies need to address. The foci of the changes are predominantly around risk management, audit and compliance. Specifically, ...
The Haberdashers' Aske's Federation has a vision for all students and staff to have access to IT and to the support and training to enable them to use IT to improve learning outcomes. To achieve this vision it was necessary to investigate the ...
All schools use a range of software for teaching and learning, as well as for their administrative and support operations. In most cases, these applications are stored and made available using a mixture of CD-ROM, USB, computer imaging, VLE hosting ...
Here at 9ine we have been speaking with ex-BSF schools who are champing at the bit to get to the end of their IT Managed Service contracts so they can leave what they often see as a “one size fits all”, rigid service, in order to start afresh with ...
You may have read some recent blogs about 9ine's Digital Learning Programme (DLP). The DLP enables school leaders to improve areas of weakness using appropriate technology and resources. The methodology we have developed provides weekly measurable ...
For any school looking to migrate to the cloud, planning is essential. Unfortunately, moving to the cloud can open a maelstrom of broken links and incompatibilities across a wide array of school services. Some of which you can prepare for and others ...
Many schools celebrated their personal successes in this year’s GCSE results, despite the news being dominated by an overall decline in the reported A*-C pass rate. Although this decline is in part attributable to the figures for the new, compulsory ...
As you may be aware, the updated Keeping Children Safe in Education guidance came into effect yesterday, September 5th 2016. You can read more about the updates in our blogs from June and July below: Part 1 - What do the changes to the guidance ...
INTRODUCTION: The challenge for school leaders at this time of year is determining how to immediately improve teaching performance in those subjects or areas that are underperforming. Immediate, targeted intervention is required, with weekly ...
![ICT and Safeguarding Health Check [9ine Guide]](https://www.9ine.uk.com/hubfs/Internet-Safety.jpg)
From September 5th 2016 schools are expected to take a more rigorous approach to managing the risks associated with access to technology. In doing so, schools need to put in place management processes, procedures and systems to ensure they are ...
The consultation for changes to the statutory guidance ‘Keeping Children Safe in Education’ has concluded with the government having published the changes that commences on September 5th 2016. This article is Part 3 of a three part update. Part 1 - ...
A few weeks ago we talked about the challenges schools are facing when embedding 1:1 devices in learning. We highlighted how a number of our schools have addressed the challenges they faced by providing structured training and development with a ...
The consultation for changes to the statutory guidance ‘Keeping Children Safe in Education’ has concluded with the government publishing changes that come into effect on September 5th 2016. This article discusses what the guidance means for schools ...
![Keeping Children Safe in Education - 2016 Changes [9ine Guide]](https://www.9ine.uk.com/hubfs/JUL16_ICT%20AND%20SAFEGUARDING%20HEALTH%20CHECK%20%5B9INE%20GUIDE%5D.jpg)
The consultation for changes to the statutory guidance ‘Keeping Children Safe in Education’ has concluded with the government publishing changes that will come into effect on September 5th 2016. Over the coming weeks we will be publishing three ...
![[Our experience at the ISBA 2016]](https://www.9ine.uk.com/hubfs/JUN16_OUR%20EXPERIENCE%20AT%20THE%20ISBA%202016-1.jpg)
We would like to say a big thank you to ISBA for allowing us to discuss our services and distribute our 9ine branded water, which proved rather popular in the morning of the second day - possibly the result of too much wine being consumed on the ...
The term ‘independent learning’ is often used to describe a critical skill for learners to master and an essential element of highly competent teaching practice. But, for a learner to be truly independent, they need to do more than simply receive a ...
Over the past 12 months the government has published draft statutory guidance titled ‘Keeping Children Safe in Education’. In a recent keynote we presented, less than 10% of school leaders had read or were aware of the guidance and its impact on ...
Can Apple’s new iPad features transform the Apple classroom experience? Apple recently announced a feature-packed update to its iOS platform, supporting iPads/iPhones and iPods. The new update brings us one step closer to a major overhaul in the way ...
Over the past three years, mobile device technology has been continuing growth within UK schools. Historically, schools have invested in tablets without fully considering the rigorous planning and research involved, leaving them unable to properly ...
INTRODUCTION: All too often, we see wireless networks in schools having a negative impact in education. 9ine know for a fact that this does not have to be the case as an up-to-date wireless solution can add great benefit to the teaching and learning ...
![Why buying more technology for schools could be the wrong move [9ine Guide]](https://www.9ine.uk.com/hubfs/MAR16_WHY%20BUYING%20MORE%20TECHNOLOGY%20FOR%20SCHOOLS%20COULD%20BE%20THE%20WRONG%20MOVE-1.jpg)
INTRODUCTION: In a recent BESA research note, primary schools will increase their spending on technology by 3.6% and secondary schools by 2.8% in 2015/16. Within this, the priority of spend is wireless networking, PCs /Laptops/ Tablets, flat-panel ...
INTRODUCTION: If technology is not effective within a school environment then it can have a severe impact on the core business of teaching and learning. In some instances problems become so entrenched that the culture of the school changes to ...
