The examination system within centres is at particular risk to a cyber attack. Not only can such an attack compromise candidate information, but it may also threaten the security of question paper(s)
Therefore, it is a requirement of all centres who engage with examinations offered by JCQ awarding bodies to detail the measures which are in place to prevent a cyber attack and the actions which will be taken to mitigate the imapct of such a threat if it occurs
Centres and centre staff also have a critical role to play in maintaining and improving cyber security and preventing cyber risk. In today’s digital landscape, it is crucial that centres adhere to industry best practices to mitigate the risk of cyber threat and ultimately, attack.
To support senior leaders in ensuring that their staff and students are educated on cyber security awareness, during the 2024/2025 academic year, the NAEO, in partnership with The Learning and Skills Office, will be launching an online, certificated, cyber security training and assessment programme.
Senior leaders will be able to register centre staff for this annual online training. This will enable senior leaders to ensure that their centre is cyber safe and compliant. Completion of this training and assessment programme on an annual basis will also provide evidence to JCQ inspectors that cyber risks are taken seriously in your centre.
A student version of this training will be launched during 2025.
More details will be available on this page from September 2024.
Joint Council for Qualifications/Awarding bodies
Awarding bodies are committed to maintaining the highest standards of cyber security to safeguard sensitive information provided by centres, including personal student data, and to protect the integrity of secure assessments.
Therefore, in November 2023, JCQ published Guidance for centres on cyber security which should be adhered to by all staff engaged in the management, administration and conducting of examinations.
Senior leaders should ensure that all staff follow the best practice outlined in this guidance:
- Create strong unique passwords
- Keep all account details secret
- Enable additional security settings wherever possible
- Update any passwords that may have been exposed
- Set up secure account recovery options
- Review and manage connected applications
- Stay alert for all types of social engineering/phishing attempts
- Monitor accounts and review account access regularly
Senior leaders should ensure that they stay informed about the latest security threats and trends in account security and educate staff on how to identify phishing attempts, secure devices and protect systems and data.
The National Cyber Security Centre (NCSC)
The NCSC provides the excellent and comprehensive cyber security advice and guidance for schools/colleges which senior leaders should ensure is being observed for any IT systems used within a centre, particularly those where learner information, learner work or assessment records are held.
In addition to the areas covered by JCQ guidance, other topics covered by the NCSC training and guidance include:
- Establishing a robust password policy
- Enabling multi-factor authentication (MFA)
- Keeping software and systems up to date
- Implementing network security measures
- Conducting regular data backups
- Educating employees on security awareness
- Developing and testing an incident response plan
- Regularly assessing and auditing security controls
If centres experience a cyber attack which impacts any learner data, assessment records or learner work, contact with their awarding body should be made immediately for advice and support.