Risk Protection Arrangement (RPA) Eligibility


Membership of the DfE's RPA includes cover for cyber security incidents

To be eligible for the cyber risk cover, included in the RPA membership, schools must meet and evidence 4 security conditions


The 4 cyber security conditions to be eligible for the RPA cover

  • database-refresh-outline-1

    Ensure your data is safely backed up offline

    Plan to be able to recover and restore your school’s data in the event of a cyber-attack

  • key-star

    Complete the NCSC’s cyber security training for school staff

    Designed for all school staff and governors and earn individual certification

  • police-badge-outline

    Register your school with the Police CyberAlarm tool

    This tool detects and provides regular reports of suspicious cyber activity and vulnerabilities

  • checkbox-multiple-marked-outline

    Implement a cyber response plan

    A plan for contingency and recovery in the event of a cyber-attack

  • key-plus


    Several other RPA cyber recommendations for schools to implement and reduce the risk of a cyber-attack

How can Secure Schools help?


Build a cyber incident management plan with the Secure Schools policy builder

Cyber Security Policy Builder Icon

Complete the NCSC cyber security training with the Secure Schools training module

Cyber Security Awareness Training Icon

Meet eligibility requirements with a Secure Schools self-led or assessor-led audit

Cyber Security Audit and Internal Scrutiny

Get started with Secure Schools to ensure your school or trust can demonstrate it meets the RPA’s cyber security conditions.