Select Your Cookie Preferences

We use cookies and similar tools that are necessary to enable you to use our website, to enhance your experience, and provide our services, as detailed in our Cookie Notice. We also use these cookies to understand how customers use our services (for example, by measuring site visits) so we can make improvements.

With your consent, we and our partners may use personal data (like browsing behaviour or unique IDs) for ads personalisation, content measurement, and audience insights. Click "Customise Cookies" if you'd prefer to decline these cookies, make more detailed choices, or learn more. Learn how Google uses your data

Customise Cookies

LEARNING LOCKER | Learning opportunities for all the staff in your school or MAT 

Client Support & Portals 

Learning Locker

Support Icon (support-icon.svg)Client support

Computeam - Expert IT Provider for Schools

Enquire now

Computeam Compass

DFE Cyber Security Standards for Schools and Trusts

See what “good” looks like, spot gaps quickly, and turn the cyber security standard into clear actions your team can own.

Turn cyber risk into clear actions and regular review

Cyber security work often stalls when it is spread across tools, teams and documents. That makes it harder to keep core tasks moving, like running risk assessments, recording risks consistently, and evidencing what has changed over time.

A key gap is routine risk assessment. Only 33% of primary and 47% of secondary schools report conducting cyber security risk assessments. The DfE cyber security standards expect cyber risk to be managed through regular assessment and review, with leadership oversight and clear documentation. With budgets under pressure for almost every school, prioritising the right actions and keeping a clear record matters.

Computeam Compass gives you a practical way to understand how your cyber security arrangements compare to the DfE digital and technology standards, assign actions, and maintain a live record of decisions, risks and improvements.

Request Your Free Compass Demo Login

Only 33% of primary schools conduct cyber security risk assessments.

Source: Technology in schools survey: 2024 to 2025 – Research report (Department for Education, carried out by IFF Research, published Nov 2025)

Turn the cyber security standards into a simple checklist

The DfE cyber security standards explain what schools and colleges should have in place to reduce the risk and impact of cyber incidents. They focus on governance, risk management, user accounts, technical controls and response planning.

A central element is the requirement to conduct a cyber risk assessment every year and review it every term. This assessment pulls together information on hardware, software, data, user behaviour and supplier risk, then feeds into a risk register and business continuity planning.

The cyber standards sit alongside, and link directly to, other DfE digital and technology standards, including:

Licensing and updating digital technology

Controlling and securing user accounts and access privileges

Securing digital technology and data with anti-malware and a firewall

Filtering and monitoring to reduce access to malicious content

Taken together, they provide a practical framework for cyber resilience that can be applied in schools, colleges and multi-academy trusts of any size.

When a cyber incident hits, the impact is immediate

When a cyber incident hits a school, the consequences are immediate and wide-ranging. If systems are unavailable, staff can lose access to safeguarding records, medical information, timetables and assessment data. In serious cases, schools have had to close temporarily, postpone activities or revert to paper processes at short notice. Recovery can take weeks and often requires significant external support.

There is also a strong safeguarding and legal impact. Many systems hold sensitive personal data about pupils, staff and families. If that data is accessed or leaked, the risk to individuals is serious and long-lasting. Schools and trusts must then manage data breach notifications, regulatory engagement and reputational damage at the same time as trying to keep teaching running.

A well-run cyber security approach helps schools move from reacting to individual threats to managing cyber risk as part of everyday leadership. The DfE digital and technology standards emphasise the role of the SLT digital lead, the importance of involving the DPO, DSL, IT support and business managers, and the need for governors and trustees to ask informed questions. For multi-academy trusts, a consistent approach across schools is essential so that a weakness in one setting does not create avoidable risk for others.

How Compass brings cyber risks, actions and evidence into one clear view

Computeam Compass turns the DfE cyber security standards into a clear, shared framework for school and trust leaders. Compass helps you organise everything in one secure place.

Make the expectations visible

Compass sets out the key cyber requirements in a structured format that follows the DfE digital and technology standards. Schools can record the status of their annual risk assessment, capture key risks, summarise logging and documentation levels, and link to relevant policies and technical controls. This gives SLT, IT staff, the DPO, DSL and governors a shared understanding of what is in place and what still needs attention.

Assign ownership and track actions

When you identify gaps – such as an overdue risk assessment, an incomplete response plan or unclear logging – Compass allows you to create actions with named owners and realistic deadlines. Tasks might include running a tabletop incident exercise, updating the risk register, reviewing supplier contracts or improving user account controls. Progress is visible to the right people, which makes it easier to keep cyber work moving alongside other priorities.

Keep a secure, auditable record

Compass provides a secure record of cyber-related decisions, assessments and evidence. You can log risk assessments, incident reviews, training records, supplier assurances and policy updates against the cyber standard. Each entry is time-stamped so that you can show how your position has developed over time and how you respond to emerging risks.

Give MAT leaders a trust-wide view

For multi-academy trusts, Compass brings cyber information from multiple schools into a single view. Central teams can see which schools have current risk assessments, where response plans are in place and how cyber risks are being recorded and managed. This supports more informed conversations with headteachers, helps target support where it is most needed and provides a clearer basis for trust-level reporting and planning.

Your next steps

If you are reviewing your cyber security arrangements against the DfE digital and technology standards, Computeam Compass can provide structure and shared visibility. It helps you capture what is in place now, identify priority risks and record the actions you are taking to reduce them over time.

See how Compass tracks the cyber security standard alongside the wider DfE digital and technology framework.

Book a Compass demo

Explore Compass with your team and begin building a live picture of your school or trust’s digital and technology standards.

Request a Free Compass Login

Return to the DfE Digital and Technology Standards hub

Loading... Updating page...