With regular headlines about schools falling victim to cybercrime, there is increasing pressure to ensure that governors and school leaders have appropriate controls in place to protect their school. With this in mind, LGfL has developed the Elevate Cybersecurity Toolkit for Schools.


The Elevate Cybersecurity Toolkit is a collection of key documents that schools can use to elevate their cybersecurity. It can be used as a foundation for schools that want to attain Cyber Essentials Certification.

CyberSecurity Policy Template

This cybersecurity policy should complement schools existing social media and acceptable use policies. The policy outlines the school’s guidelines and security provisions that are there to protect its systems, services, and data in the event of a cyberattack.

Incident Response Plan

If your school is unfortunate enough to fall victim to a ransomware attack, or any other kind of unforeseen outage it needs a plan for how to recover. This Incident Response Plan can be used as a starting point for planning how you would recover.

Example Registers

Example Risk Register

This example risk register can be used to Assess, Evaluate, Prioritise and Manage cybersecurity risks. It is a great tool to help support how schools report to governors on how they are proactively managing risks and improving their cybersecurity.

Example Asset Register

It sounds obvious, but it’s impossible to be secure if you don’t know what you have. This asset register can be used as a starting point to inventory the equipment used in your school.

Example Software Register

In the same way that you can’t be secure if you don’t know what equipment you have, you also need to know which software and systems hold confidential information. This software register can be used to record which software/systems you have and whether they hold confidential information. It can be used to complement the Incident Response Plan for prioritising the recovery of services.