RPA-compliant Cyber Response Plan for schools

What is an RPA?

Schools throughout the UK need to protect many different assets from unexpected events. In some cases schools have statutory duties.

The aim of the RPA is to protect schools against losses due to any unforeseen and unexpected event. RPA cover is very similar and comparable with a commercial insurance policy.

Creating the RPA compliance Cyber Response Plan a school

The Department for Educations risk protection arrangement (RPA) requires schools to have an appropriate Cyber Response Plan.

To help schools, the DfE has published Risk Protection Arrangement Cyber Response Plan Template.

The DfE template sets out the plans and actions to be taken in the event of a cyber security breach or incident.

Key points to remember about creating your plan

• Always ensure the RPA is reviewed and maintained, particularly when staff members change.
• There may be a few elements of the RPA which require the input of Soltech IT. Our advise is for a school to complete as much of the RPA as possible, before compiling a list of any questions we may be able to assist the school with.
• In the 'Critical Activities - Data Assets' section, allocate one of the specific timescales to each Data Asset as suggested.
• Always ensure staff have and an easily accessible copy of the response plan, along with other critical incident documentation available as per the school or MAT policies.

Police Cyber Alarm registration and setup for RPA

Police CyberAlarm is a tool which is available to schools for free. It is designed to help staff understand / monitor malicious cyber activity by monitoring and scanning for vulnerabilities.  As we understand it there is no mandatory requirement to install the collector.

How to implement offline backups for the RPA scheme.

Schools are required to have an offline backup system as part of the requirements of the cyber threat cover included within the DfE’s RPA.

What to backup?

It’s vital to have access to school data via backups. The downloadable Risk Arrangement Cyber Response Plan template contains a detailed list of what should be on a schools list of critical data.

Is your school backup secure?

School backups need be held entirely offline and not connected to a schools network or systems until absolutely necessary. This ensures backed-up data remains unaffected by any event that impacts your live systems.

Soltech IT backups of server data are held remotely and independently of a schools network or system, offsite in an encrypted format. Our backup software connects daily when necessary to generating and creating an individual backup for that day. Like wise and when necessary, data can be restored promptly to the schools systems. As standard, the backup retention period is 28 days, unless otherwise stated.

Have you tested your backup?

Schools should regularly test backups from all sources.

DfE RPA training requirements.

All staff, employees and governors of a school who have access to a school’s IT systems must complete NCSC Cyber Security Training. This is a free training course available from the NCSC website.

Full details of the RPA are on the DfE website.