Version 1.0 - Last Updated: 20 Sep 2022

Cyber-attacks: Responsibilities


Your and our responsibilities in the event of a cyber-attack or security incident

Cyber-attacks

Cyber-attacks or security incidents are becoming more prevalent in the education sector. Some of these can result in the loss of our data or restricted access to our systems. This can affect our ability to make payments to our customers.

We’ve created this guidance to ensure we’re prepared to respond to these attacks. It sets out the roles and responsibilities for us and for you as an education provider. This will help to minimise any consequences and ensure we can continue to pay our customers where possible.

Your responsibilities

If there is a cyber-attack or security incident that affects your student data system so you cannot make data returns to us, you must contact your FE Account Manager within 24 hours of becoming aware of the incident.

You should check the following information and share this with your account manager.

  1. Are your contact channels secure? For example, can you use your emails, phone lines, Microsoft Teams or other communication platforms?

  2. Do you know if student finance data has been compromised?

  3. What systems do you still have access to?

  4. Can you still enter data on the Learning Provider Portal? For example, can you still confirm attendance or change of circumstances or enter Unique Learner Numbers?

Our responsibilities

Your account manager will report the cyber-attack or security incident to our Incident Management team. The Incident Management team will then instigate our Cyber Security Attack Protocol.

Our security team will contact you to discuss the details of the security incident and will identify the level of risk.

Your account manager will:

  • act as the point of contact between you, our GDPR Executive and the Incident Management team

  • set up regular keep-in-touch (KIT) meetings with you during the investigation and give you updates

  • create an action plan with you that includes timelines for completing work

  • check with our security team to see if we need to lock your user accounts and reset your passwords

  • hold a final review meeting with you once both you and we are ready to return to business as usual

  • tell the Incident Management team once you’ve completed your action plan