

Risk management, security and privacy within education

Society, and thus education, is digitizing, and with it digital risks are increasing. Data of pupils, students, parents and employees must be well protected. How digitally resilient are we really? And are we doing the right things to become more resilient? To achieve effective and efficient protection, good risk management is essential. Knowing which unacceptable risks you face gives direction to the implementation of your information security and data privacy. You can only use your capacity and spend your money once.


Information Security Policy

Educational institutions are increasingly aware of the need to regulate information security and privacy properly. Sector organizations and sector councils are drawing attention to this and administrators can be called to account by supervisors if, for example, no information security policy is available. Administrators are ultimately responsible for the security and privacy of (personal) data. Targeted steering and monitoring by the board and management is of great importance. The government insists on periodic security audits, performed by external parties.

To demonstrably get and keep your risk management, information security and data privacy in order for your educational institution, there are fortunately several best practices available. For example, Kennisnet has published the IBP (Information Security and Privacy) Approach, which is based on ISO27001 and ISO27002. This standard states how organizations can manage their digital risks and which security measures can be taken, in the areas of policy, organization, ICT, personnel and building management, among others. This provides an excellent structure and footing.


Approach to IBP

Perium has included relevant best practices in its platform, specifically for education. For example, validated digital risks are linked to the management measures of the IBP Approach. Deploying the IBP Approach in combination with Perium offers an educational institution many advantages, such as working efficiently, a reduced audit burden and being demonstrably in control. Other standards such as ISO27001/27002 also offer these advantages. A nice addition to these standards is ISO27701. This is the standard in the field of privacy protection and helps you become compliant with the AVG/GDPR (data privacy).

Whatever standard you choose, Perium offers optimal support. You get a grip on your (digital) risks and the mitigation of these risks using your control measures. Our platform gives you real-time insight into your risks, control measures and improvement plans. This allows you to be efficiently and effectively in control and to perform security audits faster and cheaper.

Norms and standards