We have successfully worked across physical and information security as well as data protection in schools, colleges and universities.

Data Protection, Information and Cyber Security

As a learning establishment, the data you hold on the children under your supervision is of paramount importance and should be afforded an appropriate level of security. Too often we hear about sensitive information finding its way into the public eye and no-one wants to be at the sharp end of that publicity, especially if you are a school or college, be it state run or independent.

That’s why we have developed an audit process especially for you to identify your current security practices and ensure your data is safe. Here’s what we do and why…


  • Comprehensive review of security documentation, information systems, policies and procedures, including Data Protection and Acceptable Use
  • Interviews with key staff on effective implementation followed up by spot check discussions
  • Escorted tour of establishment to complete basic security check


  • Opportunity to fully grasp Information Security obligations
  • Ensure Data Protection compliance
  • Meet Children Act Regulations
  • Provide assurances and accountability to parents, Ofsted Inspectors and key stakeholders on Information Security
  • Meet obligations to school Governing Bodies and Local Authorities
  • Identify bespoke Information Security needs and general areas of security that need to be addressed

We also offer ISO27001 for Universities. See our dedicated ISO27001 page for details of the defacto information security standard and how we can help with certification or compliance.

Physical Security Reviews

Many independent and private educational facilities are being expected to provide evidenced assurance to governing bodies and other key stakeholders that their physical security is adequate and fit for purpose, as well as regularly reviewed and tested. During periods of reduced building occupancy, physical security requirements may change. Our reviews ensure spend is going in the right places and additional needs are not overlooked.

We have experience of providing comprehensive reviews and reporting in these situations, bringing the independent advice and support needed for this assurance. Our reviews include:

  • Checking physical systems are fit for purpose and operating within legislation and guidelines
  • Providing independent advice on vulnerabilities and how to mitigate the resulting risk
  • Working within existing risk assessments to improve and fine tune security measures
  • Ensuring wise security spend – we do not sell equipment or systems, we are there to advise
  • Ensuring measures are proportionate and conducive to a healthy environment for students, visitors and staff alike


  • A comprehensive review of security systems, including but not limited to CCTV, lighting, intruder systems, barriers, and door entry
  • A full report of findings with recommendations
  • Multi sites accommodated

The Information Commissioner’s Office (ICO) made a series of recommendations to higher education. This included great advice such as using specialist roles to help support good Data Protection and Information Security after the growth of data breaches in this sector. Those roles are Senior Information Risk Owner (SIRO), Information Asset Owner (IAO) and Data Protection Officer. We have offered specialist training for SIRO and IAO roles for many years and as well as offering training in Data Protection, we also offer an outsourced service which is acceptable under GDPR and Data Protection Act (2018)

Details of our training is on the training page along with access to our IAO Education Journey.

NHS and Public Sector bodies can now procure us directly from NHS SBS Cyber Security Framework, this includes direct awards and mini tenders.

SIRO training for Education

The role of the Senior Information Risk Owner (SIRO) is a key function across all areas of the Public Sector, including NHS, central government, nuclear, education, councils, NDPB’s and in some cases even suppliers to Public Sector are required to demonstrate the role.

This one 1-day course is designed for Senior Information Risk Owners in both the public and private sectors who need a more developed understanding of their responsibilities as SIRO.

If you are interested in our Public Sector SIRO training course please call 0121 559 6699 or contact us for information.

IAO training for Education

The role of Information Asset Owner (IAO) was initially developed for Government; its purpose was to give nominated individuals responsibility for managing risks to both personal and business critical information, and minimise the occurrence of information security breaches within the Government community, an issue that has caused widespread concern in the past and continues to challenge the public sector as technology advances and data sharing increases. It has since become and invaluable role in a range of organisations, including  the Higher Education sector, handling not only sensitive student and staff information assets, but valuable R&D data too.

Onsite Training Cost: £1800 +VAT for up to 20 delegates trained in two half day sessions. Maximum 10 delegates per session. If you are interested in our Public Sector IAO training course please call 0121 559 6699 or contact us for information.


If you are interested in our My Data Protection Officer service, please download our leaflet.

Cyber Security Foundation Course

If you are interested in our Cyber Security Foundation Course, please download our leaflet

ISO27001 Certification

If you are interested in ISO27001 Certification, please download our leaflet

Physical Security Reviews

If you are interested in Physical Security Reviews, please download our leaflet

From our Blog

The Advent IM View: University Data Breach and Cyber Security

Looking at the issues identified by the Information Commissioner’s Office (ICO) in UK Universities. Examining the level and nature of recent breaches, training levels of staff and a suggestion to help address these issues comprehensively. You can download a copy of our infographic here.


Senior Information Risk Owner (SIRO) Training

If you are interested in SIRO training, download our leaflet here

Red Teaming

If you are interested in red teaming, download our leaflet here

ISO27001 Certification Process

If you are interested in the ISO27001 certification, download our leaflet here

Red Teaming in Education


The Advent IM View on University Cyber Security

Data breach and cyber security training levels in UK universities

ICO Higher Education Security Risk Leaflet

Information from the ICO following its reviews of UK universities in 2018.

University Cyber Attacks Leaflet

Information on university cyber attacks.

Find out more about our work in the education sector.