What is the RPA
The risk protection agreement (RPA) is available to schools in England and is an alternative to commercial insurance with tailored cover for schools and academy trusts; with the potential to save schools time and money. It offers schools financial protection, peace of mind and access to support; encompassing risk management advice and training. It includes employers’ liability, professional indemnity, business interruption and cyber cover. Full details of the cover is available on the government’s RPA website.
Who are Secure Schools
Secure Schools are cyber security specialists dedicated to protecting schools, academies, and multi-academy trusts (MATs). They provide tailored security solutions to help educational institutions reduce cyber security risks with specialist tools and services including risk assessments, vulnerability testing, staff training and policy building. Our partnership with Secure Schools reflects our commitment to helping the education sector build a safer digital environment.
Cyber cover with the RPA
The RPA provides insurance against cyber incidents. This covers costs and additional expenditure that was reasonably incurred as a result of a cyber attack, in order to minimise an interruption as well as incident response services and remediation services – full terms are available on the RPA.
Cyber cover conditions
To comply with the RPA’s conditions of cover for cyber incidents, members are required to meet and evidence four conditions:
1. Have offline backups. They should follow the NCSC’s offline backups rule, be tested appropriately and back-up all your key data, as per the NCSC’s guide for backing up data.
2. Ensure all employees and governors (anyone with access to your IT systems) undertake the NCSC cyber security training for school staff. The training allows employees to self-learn by watching an online video and earn their own certification.
3. Register with Police CyberAlarm. This is a free tool funded that monitors and reports suspicious cyber activity on your Internet connection.
4. Implement a Cyber Response Plan. This is a plan for contingency and recovery in the event of a cyber-attack.
This information is available in full from the RPA section of the gov.uk website under the section “Full details of your cover”. Guidance is available for academy trusts, church academies, local authority maintained community schools, voluntary aided and voluntary controlled schools.
How can Secure Schools help?
1. Secure School’s policy builder tool enables your school to create compliant policies with ease, as well as keeping track of changes, and monitoring engagement – keeping a record off who’s viewed and signed them.
2. Secure School offer self-led or assessor-led auditing to ensure you’re meeting criteria and identify areas for improvement.
3. Cyber security awareness training, in addition to the NCSC training to better enable staff to recognise threats and how to respond and report them – developing a security-conscious culture.
Next steps
We provide managed IT services to schools and academy trusts, and can offer advice and guidance on how to become compliant with cyber security elements of the risk protection agreement. If you’d like to discuss the RPA or are interested in Secure Schools services, contact us here to arrange a chat with one of our advisors.