While on the surface the DfE Digital Standards and Cyber Essentials might both seem to focus on cyber security and ask similar questions, there are differences: they serve different purposes and would mostly be completed by different types of staff members.
The DfE Digital Standards
The DfE Digital Standards is a framework from the UK government to assist schools with purchasing digital services, systems, hardware and software. It ensures their digital infrastructure is secure, efficient and fit for purpose by focussing on the school's strategies. They start by focusing on the roles and responsibilities of SLT while looking at security, cloud services, networking, data protection, and filtering and monitoring. This ensures that organisations have robust, scalable and secure IT systems while following data protection law.
The DfE Digital Standards help organisations have an up-to-date risk assessment covering cyber threats. They help SLT understand their roles and responsibilities and help spread a cyber security ethos organisation-wide.
Key areas:
🥊Strong cyber security measures
🥊Effective backup and recovery
🥊Robust procedures around cloud-based services
🥊Compliance with data protection laws
🥊Compliance with Keeping Children Safe in Education filtering and monitoring
If you want help with the DfE Digital Standards and aren't sure where to start, customers should review our DfE Digital Standards Overview. If you're not a DPE customer, then take a look at our Tracker website, which will give you some more information 👉 DfE Digital Standards Tracker, or have a look at our 🆓💻 Digital Standards Webinars.
Cyber Essentials
Cyber Essentials is a government-backed certification scheme designed to help organisations protect themselves against cyber threats. The questions check baseline security measures to defend against cyber attacks. Cyber Essentials assesses firewalls and internet gateways, configurations of systems and networks, access control, malware protection and patch management with a view to helping organisations meet a minimum level of cyber security. An organisation will receive a certification upon successful completion. If you're not sure about trying for Cyber Essentials, contact us as we have an IT Audit questionnaire that might help you decide.
Key areas:
🥊Firewalls & Internet Gateways - checking configuration at the high level to prevent unauthorised access
🥊Secure Configuration - ensuring systems are configured for security
🥊Access Control - limiting access to data and systems
🥊Malware protection
🥊Patch Management - keeping software up to date, ensuring there are appropriate procedures in place
Key Differences
Feature | DfE Digital Standards (Strategic IT Management) | Cyber Essentials (Baseline Security) |
Purpose | Provide best practices for procuring and managing digital infrastructure in schools. | Set a baseline for cyber security to protect against common threats. |
Who it’s for | Schools, colleges and MATs. | Any organisation. |
Best for? | Long-term IT strategy | Baseline cyber security |
Mandatory? | No, but references laws and regulations that are, such as data protection and filtering & monitoring. | No, but often required for contracts. Demonstrates a certain level of due diligence. Some insurance (such as RPA) might require a Cyber Essentials certificate for cover. |
Covers cyber security? | ✅ | ✅ |
Covers IT infrastructure? | ✅ | ❌ |
Scope | Covers IT infrastructure & strategy. | Covers basic cybersecurity controls |
Certification | No certification available. | Certification required |
Focus | IT best practices for education - a framework for procurement. | Preventing cyber threats. |
Assessment | Schools review their own digital infrastructure. | External assessment by an accredited body. |
Cost | No direct cost, although compliance might require investment. A lot can be achieved through improving procedures. | £300+ |
Renewal | Should be regularly reviewed | Certification must be renewed annually |
In conclusion, you might want to use both, given they serve slightly different purposes, but it might depend on the size of your organisation and how many resources and how much budget you have available. However, accessing the DfE Digital Standards is free of charge and will give you the framework for procuring anything you might need if you decide to go for a Cyber Essentials certification. It's always best to assess where you are now before doing any kind of test or certification, and working through the DfE Digital Standards will help you do that. Ultimately, cyber security should start from the top down in any organisation, so if you would like some help in raising cyber security awareness with SLT and throughout your organisation, contact us about running an interactive and thought-provoking SLT Cyber Workshop in one of your SLT meetings!