The Department for Education (DfE) has announced an important change in IT security requirements for Colleges and Specialist Post-16 Institutions (SPIs).

Starting in the 2024-2025 funding year, such institutions must now achieve the IASME Cyber Essentials certification to meet new cybersecurity standards.

All settings need to have this in place by 31st July 2025, to comply with the mandate for funding. 

Don’t know where to begin? We can help you!

Introducing Curo’s Cyber Essentials Assessment for Colleges and SPIs!

No matter where you are in your accreditation journey, we will work with you to assess, draft and submit your application to gain the accreditation.

With this exclusive offering, in partnership with Cloud 9 Security, you will benefit from some of the best security knowledge and expertise in the business, to make your environment more secure.

We’ll walk you through a four-step process.

STEP 1: Discovery Workshop

Objective:

  • Work through the Cyber Essentials assessment questionnaire.
  • Identify key areas requiring further analysis.
  • Understand your institution’s current security posture.

Deliverables:

  • Preliminary Gap Analysis: Identify missing policies, controls, or configurations.
  • Action Plan: Assign responsibilities and deadlines to relevant stakeholders.

STEP 2: Action Plan Review

Objective:

  • Review progress after initial stakeholder input.
  • Address key gaps and clarify remediation steps.

Deliverables:

  • Updated action plan with risk prioritisation.

STEP 3: Questionnaire Preparation & Compliance Validation

Objective:

  • Collect and document all required evidence.
  • Ensure questionnaire responses align with Cyber Essentials requirements.
  • Review responses against best practices to mitigate certification risks.

Deliverables:

  • Completed draft of the Cyber Essentials questionnaire.
  • Compliance recommendations and validation check.

STEP 4: Submission & Final Remediation

Objective:

  • Submit the questionnaire for initial assessment.
  • Address any assessor feedback with rapid remediation support.
  • Submit the final assessment for certification.

Deliverables:

  • Successfully submitted Cyber Essentials assessment.
  • Final remediation report (if required).