Hi All,

I work for an education facing technology provider and have spoken to a number of schools, both at BETT and over the phone in regards to policy and legislation that schools must adhere to, but seem unaware of.

The Schools Financial Value Standard (SFVS) is a 23 point guide that is completed by school governors and has to be returned to the LA by the 31st March. Point 23 of the standard asks that you have an "Appropriate business continuity or disaster recovery plan". The sub-notes (link below) say that schools must have a daily offsite backup of the schools critical data.

Many people are happy to transport hard drives or tapes offsite (still), which is fine - HOWEVER, if the admin data is being taken offsite it must be encrypted as per the Information Commissioners Office (ICO) guidelines for encryption. For those who don't know, the ICO is the enforcement body for breaches of the Data Protection Act.

A lot of people are now being caught out for not encryption data relating to staff or pupils and face ICO audits (undertakings), fines of up to £500,000 or criminal prosecutions. In any case, the details are listed on the ICO website for all to see as a 'name and shame' list.

As I said, many people don't seem to be aware of either the SFVS requirement for backups to go offsite and/or the ICO requirement for encryption so I thought I would share. Documentation is below:

Best Regards,


SFVS - Point 23 sub-notes link (document download) - http://media.education.gov.uk/assets...overy plan.doc
ICO guidelines to encryption - Our approach to encryption
ICO enforcement - Enforcement - Data Protection, Freedom of Information, Electronic Marketing - ICO