Cyber Essentials is a simple but effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.
ESFA funded further education and training organisations will endeavour to meet the requirements for cyber essentials for the 2020 to 2021 funding year. This requirement will continue for the 2021 to 2022 funding year.
We can only accept the cyber essentials accreditation and certification and if necessary, request you provide proof that you hold this or demonstrate an equivalent level of compliance.
Who needs to have cyber security essentials
All further education and training organisations handling sensitive information will endeavour to meet the cyber security essentials requirements, including those providing training through the apprenticeship levy.
The ESFA will not impose this requirement on subcontractors.
Section 18 of your ESFA (Training Provider) Apprenticeship Agreement details the requirements in relation to:
- Data Protection
- Protection of Personal Data
- Cyber Essentials
This applies to all delivery under this agreement including levy delivery.
For training providers with an ESFA education and skills agreement, the requirements can be found as follows:
- Clause 20 Data Protection and Protection of Personal Data
The relevant clause varies by provider type. For example, clause 20 relates to the College agreement.
- Schedule 7 Security & Department Policies (including Paragraph 1.1 regarding Cyber Essentials)
What information is available on cyber security essentials
You can also find additional guidance on cyber security from the National cyber security centre (NCSC)
If you have a specific query relating to your ESFA funding arrangements and cyber security then please include as much relevant information in your query through our enquiry form.