Cyber security essentials
Cyber Essentials is a simple but effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.
ESFA funded training organisations must meet their requirements for cyber essentials for the 2020 to 2021 funding year.
Training organisations will have the full 2020 to 2021 year to comply with the cyber essentials requirements.
We can only accept the cyber essentials accreditation and certification and if necessary request you provide proof that you hold this
Who needs to have cyber security essentials
All training organisations handling sensitive information need to meet the cyber security essentials requirements, including those providing training through the apprenticeship levy.
The ESFA will not impose this requirement on subcontractors.
Section 18 of your ESFA (Training Provider) Apprenticeship Agreement details the requirements in relation to:
- Data Protection
- Protection of Personal Data
- Cyber Essentials
This applies to all delivery under this agreement including levy delivery.
For training providers with an ESFA education and skills agreement, the requirements can be found as follows:
- Clause 20 Data Protection and Protection of Personal Data
The relevant clause varies by provider type. For example, clause 20 relates to the College agreement.
- Schedule 7 Security & Department Policies (including Paragraph 1.1 regarding Cyber Essentials)
For the funding year 2021 onwards training organisations will need cyber security essentials plus.
What information is available on cyber security essentials
You can also find additional guidance on cyber security from the National cyber security centre (NCSC).
If you have a specific query relating to your ESFA funding arrangements and cyber security then please include as much relevant information in your query through our enquiry form.