Risk management, security and privacy within education
Information Security Policy
Educational institutions are increasingly aware of the need to regulate information security and privacy properly. Sector organizations and sector councils are drawing attention to this, and administrators can be called to account by supervisors if, for example, no information security policy is available. Administrators are ultimately responsible for the security and privacy of (personal) data. Targeted steering and monitoring by the board and management are of great importance. The government insists on periodic security audits performed by external parties.
Fortunately, several best practices are available to get your educational institution's risk management, information security and data privacy demonstrably in order and keep them that way. For example, Kennisnet has published the IBP (Information Security and Privacy) Approach, which is based on ISO27001 and ISO27002. This standard states how organizations can manage their digital risks and which security measures can be taken in areas including policy, organization, ICT, personnel and building management. This provides an excellent structure and footing.
Approach to IBP
Perium has built relevant best practices into its platform specifically for education. For example, validated digital risks are linked to the management measures of the IBP Approach. Deploying this IBP Approach in combination with Perium offers an educational institution many advantages, such as working efficiently, a reduced audit burden and being demonstrably in control. Other standards such as ISO27001/27002 also offer these advantages. A useful addition to these standards is ISO27701. This is the standard in the field of privacy protection and helps you become compliant with the AVG/GDPR (data privacy).
Whatever standard you choose, Perium offers optimal support. You get a grip on your (digital) risks and on the mitigation of these risks through your control measures. Our platform gives you real-time insight into your risks, control measures and improvement plans. This allows you to be efficiently and effectively in control and to perform security audits faster and more cheaply.