We have successfully worked across physical and information security as well as data protection in schools, colleges and universities.

Data Protection, Information and Cyber Security

As a learning establishment, the data you hold on the children under your supervision is of paramount importance and should be afforded an appropriate level of security. Too often we hear about sensitive information finding its way into the public eye and no-one wants to be at the sharp end of that publicity, especially if you are a school or college, be it state run or independent.

That’s why we have developed an audit process especially for you to identify your current security practices and ensure your data is safe. Here’s what we do and why…


  • Comprehensive review of security documentation, information systems, policies and procedures, including Data Protection and Acceptable Use
  • Interviews with key staff on effective implementation followed up by spot check discussions
  • Escorted tour of establishment to complete basic security check


  • Opportunity to fully grasp Information Security obligations
  • Ensure Data Protection compliance
  • Meet Children Act Regulations
  • Provide assurances and accountability to parents, Ofsted Inspectors and key stakeholders on Information Security
  • Meet obligations to school Governing Bodies and Local Authorities
  • Identify bespoke Information Security needs and general areas of security that need to be addressed

We also offer ISO27001 for Universities. See our dedicated ISO27001 page for details of the defacto information security standard and how we can help with certification or compliance.

Physical Security Reviews

Many independent and private educational facilities are being expected to provide evidenced assurance to governing bodies and other key stakeholders that their physical security is adequate and fit for purpose, as well as regularly reviewed and tested. During periods of reduced building occupancy, physical security requirements may change. Our reviews ensure spend is going in the right places and additional needs are not overlooked.

We have experience of providing comprehensive reviews and reporting in these situations, bringing the independent advice and support needed for this assurance. Our reviews include:

  • Checking physical systems are fit for purpose and operating within legislation and guidelines
  • Providing independent advice on vulnerabilities and how to mitigate the resulting risk
  • Working within existing risk assessments to improve and fine tune security measures
  • Ensuring wise security spend – we do not sell equipment or systems, we are there to advise
  • Ensuring measures are proportionate and conducive to a healthy environment for students, visitors and staff alike


  • Comprehensive review of security systems, including but not limited to CCTV, lighting, intruder systems, barriers and door entry
  • A full report of findings with recommendations
  • Multi sites accommodated

The Information Commissioner’s Office (ICO) made a series of recommendations to higher education. This included great advice such as using specialist roles to help support good Data Protection and Information Security after the growth of data breach in this sector. Those roles are Senior Information Risk Owner (SIRO), Information Asset Owner (IAO) and Data Protection Officer. We have offered specialist training for SIRO and IAO roles for many years and as well as offering training in Data Protection, we also offer an outsourced service which is acceptable under GDPR and Data Protection Act (2018)

Details of our training is on the training page along with access to our IAO Education Journey.

NHS and Public Sector bodies can now procure us direct from NHS SBS Cyber Security Framework, this includes direct awards and mini tenders.

IAO training for Universities

The role of Information Asset Owner (IAO) was initially developed for Government; its purpose was to give nominated individuals responsibility for managing risks to both personal and business critical information, and minimise the occurrence of information security breaches within the Government community, an issue that has caused widespread concern in the past and continues to challenge the public sector as technology advances and data sharing increases. It has since become and invaluable role in a range of organisations, including  the Higher Education sector, handling not only sensitive student and staff information assets, but valuable R&D data too.

Onsite Training Cost: £1800 +VAT for up to 20 delegates trained in two half day sessions. Maximum 10 delegates per session. If you are interested in our Public Sector IAO training course please call 0121 559 6699 or contact us for information.

From our Blog

University of Hertfordshire’s entire IT system offline after cyber attack

Online classes are cancelled as every IT system is taken down by the attack Read via ItProPortal.

From our Blog

The Advent IM View: University Data Breach and Cyber Security

Looking at the issues identified by the Information Commissioner’s Office (ICO) in UK Universities. Examining the level and nature of recent breaches, training levels of staff and a suggestion to help address these issues comprehensively. You can download a copy of our infographic here.

From our Blog

Ransomware warning: Hackers are launching fresh attacks against universities

Cybersecurity agency warns about a spike in ransomware attacks targeting universities and colleges. Read the story by Danny Palmer in ZDNet

From our Blog

Over Half of Universities Suffered Data Breach in Past Year

Over half (54%) of UK universities reported a data breach to the regulator in the past 12 months, with an average of two reports each, according to new Freedom of Information (FOI) data collected by Redscan. Read full story by Phil Muncaster for Infosecurity Group

From our Blog

Universities: ICO data protection recommendations

Visit our Education sector page to find our services or call us and ask about our specialist data protection and security services for Education. Download visual >>click

From our Blog

Ransomware marches on..

The scourge of business, public sector and individuals, ransomware, shows no signs of abating and my heart sinks every time I see a headline where a vulnerability in an organsiation is exploited by this cynical malware. Most recently, students at a school in Plymouth, lost GCSE and and A level coursework after their school was […]

Latest News

Newcastle University cyber attack ‘to take weeks to fix’

Newcastle University has been hit by a cyber attack which is expected to take “a number of weeks” to sort out.


The Advent IM View on University Cyber Security

Data breach and cyber security training levels in UK universities

ICO Higher Education Security Risk Leaflet

Information from the ICO following its reviews of UK universities in 2018.

University Cyber Attacks Leaflet

Information on university cyber attacks.

Red Teaming in Education



Find out more about our work in the education sector.