12/09/2023

Baseline Measurement Framework for Information Security and Privacy (IBP) FO

Read the reportMeet the researchers

Where do school boards in primary education stand in terms of information security?

The text on this page was automatically translated and hence may differ from the original. No rights can be derived from this translation.

In an independent and representative study involving 15 school boards (with a total of 80,000 students), Dialogic has examined where they stand in relation to the Framework of Information Security and Privacy for Primary Education. The results show that - despite differences between the boards - not a single school board fully complies with the standards and the responsibility for digitally secure education. Boards must therefore take action to become digitally resilient and ensure a safe school organisation. To support this process, the Digital Safe Education programme provides tools and guidelines. To determine the support needs of school boards, a classification has been made based on board type. The study identifies four types of boards and what can assist them:
  1. Pioneers (policy and practice): These boards have their policies in order and sufficient expertise to implement them in practice. This type of board does not yet meet all the standards of the Framework of ISPF PO, but has the resources to achieve them.
  2. Implementers (practice without policy): These boards have enough ISPF experts in-house, but lack the organizational support for policy implementation. This type of board needs assistance in raising awareness among staff and education personnel, so that responsibility for ISPF is felt throughout the organization, rather than by a small group of people.
  3. Thinkers (policy without practice): These boards contemplate policies related to ISPF, for example, following a cyber attack, but lack the capacity to execute this policy. This type of board requires external expertise that they can deploy and consult, for instance in the form of best practices or an information point where they can ask questions.
  4. Laggards (no policy and no practice): These boards lack both policy and execution. They fear that attention to ISPF will detract from regular education focus. This type of board benefits from understanding the importance of ISPF, as information security is crucial for them too. Furthermore, providing knowledge and expertise assists them in taking action.