Mark Dendy offers guidance for the effective management of IT and data in independent schools

Your school’s use of IT has developed at breakneck speed over the past 20 years. If it hasn’t then you have an enormous problem, that you should address immediately, but let’s assume you’ve been diligent and invested heavily down the years. Even then you may have lost touch with what you use and how you got there, so here’s a quick reminder of what IT does for you, your staff, pupils and parents.

A school’s IT services fall into broad catch-alls of infrastructure, security, data, business (school administration and management) and learning. Okay, one might also add to the list “giving everyone access to the internet at breaktime”, but actually it’s fair to say that connectivity really is a key service now. This leads us to a design choice that should already have been made – hosting software services at school or in ‘the cloud’. In reality, very little in terms of servers and application/data hosting should still be happening at the school. The focus really should be on users having reliable means to access software and services in the cloud. However, this modernity brings with it some interesting challenges too. But the trade-off between having enough bandwidth across multiple providers and maintaining servers and applications on the school premises should have been made years ago on the grounds of security, resilience and cost. More on that later.

Infrastructure

Let’s start with the most fundamental piece. This is the underlying structure upon which your school’s digital world sits. It’s probably there and humming along nicely to the point that you only notice when it isn’t. The move from ethernet cables to wireless is a challenge, particularly in old (and often listed) buildings with walls that could keep out cannon shot, but your network and internet connections are at the heart of modern schools.

Cybersecurity and compliance

It would be forgivable to think that network security is about preventing the clever pupils from hacking the exam system to give themselves better grades. Ironically, the ones who could do this probably don’t actually need help to get better grades anyway – just a more interesting challenge. However, as a school you look after a mountain of information, the security of which is governed by all sorts of different laws. There are strict rules about personal details, HR information, safeguarding and so forth, all of which are risked by lax cybersecurity. Plus, the data itself is valuable – lost coursework, corrupted teaching notes and other sorts of damage that might result from a cyberattack (for example, a ransomware attack which encrypts data) can be devastating. A well-managed, 24/7 monitored cloud-based arrangement with robust disaster recovery capabilities gives a better chance of protecting against attacks and also the fastest route to restoring everything if the worst was to happen. Nonetheless, there are no guarantees, you can only do your best and if an attack is successful traditional approaches such as having a well thought-through incident response and recovery plan can be as valuable as good technology in such situations. Your supplier will be able to show you what the security and disaster recovery capabilities of its solutions looks like and how long it takes. Knowing the school won’t have to all but close its doors for weeks in the event of a successful ransomware attack or malicious virus is a solace of sorts, but you do have to put the work in to make sure it’s regularly tested.

Data

Data management can be an ongoing challenge, especially when your school has accumulated years of information – emails, instant messages and files – and they’re all still stored where they were last seen. From long-forgotten email threads and replies, letters, staff contracts, invoices and more, it’s usually all still there. While much of this data can be useful, it’s essential to have a structured plan for managing it in an organised way, rather than simply hoarding it indefinitely.

Some data must be retained for legal and regulatory reasons, but the rest should be carefully reviewed and securely handled. With the cost of data storage decreasing, it may seem easier to keep everything, but regular audits and spring cleans can help you uncover cost savings and ensure you’re only retaining what’s necessary.

Crucially, this is not just about efficiency – it’s about security. Ensuring that all critical data is included in your disaster recovery and data protection plans is vital. Think of it as an insurance policy; the time you’re most likely to worry about having it is when you realise you don’t.

Business systems (school administration and management)

Add to that the school’s management information system, HR systems, marketing tools, finance solutions and other applications, you build a world that’s just as diverse and complex as many a multinational. And it must all be kept up to date, secure, licensed and certified to Department for Education standards.

Learning systems

By now you should get the idea. Learning tools and systems often have an online element or are entirely hosted, so whether it’s internal or external the school has an obligation to ensure the safety as well as the accessibility of its learning resources.

Common and emerging risks

Independent schools face a growing array of information security risks in today’s increasingly digital world, with cyberattacks becoming more frequent and sophisticated. Common threats include phishing schemes, ransomware attacks, data breaches, and unauthorised access to sensitive information such as student records, staff details and financial data. With schools now relying on digital platforms for everything from enrolment to remote learning, the consequences of these attacks can be severe.

A successful data breach can lead to the exposure of personal information, resulting in identity theft or fraud, and jeopardising the privacy and safety of pupils and staff. The reputational damage from such incidents can be immense, leading to a loss of trust among parents and stakeholders, which could in turn affect enrolment. Schools may also face significant financial costs, both from the immediate fallout of an attack and from potential legal action in the aftermath of data loss.

Emerging trends such as the increasing use of artificial intelligence, cloud-based systems, and connected devices (commonly known as the internet of things) are also introducing new security challenges. While these technologies offer enhanced efficiency and opportunities for personalised learning, they create additional vulnerabilities if not properly secured. Independent schools must therefore stay ahead of these developments by adopting strong cybersecurity policies, investing in staff training, and ensuring that their systems and data are protected with up-to-date security measures. By doing so, they can safeguard their digital assets, protect their communities, and preserve the trust that is so crucial to their success and reputation.

Conclusion

Wherever your school is on its journey to modernity, things may be working just about okay – but is okay enough in today’s rapidly evolving digital landscape? Cloud-hosted solutions are widely recognised as safe and cost-effective, but they’re just one part of the equation. Equally important is the management of information governance and security, which can often be overlooked by busy staff juggling many responsibilities. Keeping pace with emerging cybersecurity threats can be challenging, and it’s here that independent expertise can make a real difference.

Many schools share common challenges when it comes to technology and data security. Engaging independent consultants who have worked with other schools can provide reassurance that potential issues are well understood and have been resolved before. These consultants bring insights into how to address security vulnerabilities and optimise the use of cloud technologies, helping schools develop tailored solutions that ensure data is secure and accessible.

By working with independent technology partners, schools can confidently strengthen their cybersecurity and technology planning without overstretching internal resources. This approach allows staff to focus on education, while experts help you to ensure that digital assets are safeguarded and systems are set up to meet the demands of the future. Investing in external guidance now can help avoid unexpected problems later, ultimately contributing to the smooth running and long-term success of your school.

Mark Dendy is a senior consultant at Adapta Consulting.

Mark Dendy