Cybersecurity and Keeping Learners Safe (KLS) in Wales

01 Mar 2025 in Education / Cybersecurity / Education / Safeguarding on Security, Networks, Penetration-testing

Safeguarding learners in Wales goes beyond physical safety—it extends into the digital world. The Keeping Learners Safe (KLS) framework outlines the statutory responsibilities of schools to create a safe and secure online environment for students. In an age where cyber threats, online risks, and data security are growing concerns, schools must align their IT and cybersecurity measures with KLS to protect learners effectively [1].

This post explores how schools in Wales can meet their cybersecurity obligations under KLS, how it compares to England’s KCSIE (Keeping Children Safe in Education) framework, and how aligning with cybersecurity best practices like Cyber Essentials, Cyber First Schools, and ISO 27001 can enhance protection.

• 1. Cybersecurity and KLS: Key Requirements
  • Web Filtering and Monitoring
  • Secure BYOD (Bring Your Own Device) Policies
  • Data Protection and Cyber Resilience
• 2. Comparison: KLS (Wales) vs. KCSIE (England)
• 3. How Schools Can Meet KLS Cybersecurity Expectations
  • Implementing Strong Access Controls & Monitoring
  • Aligning Cybersecurity Policies with Safeguarding
  • Staff and Learner Training in Digital Resilience
• 4. Going Beyond Compliance: Aligning with Cyber Best Practices
  • Cyber Essentials (UK Government-backed certification)
  • Cyber First Schools (NCSC Initiative)
  • ISO 27001 (International Information Security Standard)
• Conclusion & Next Steps
  • References

1. Cybersecurity and KLS: Key Requirements

KLS mandates that schools have clear policies, robust digital safeguards, and effective monitoring to ensure online safety. Schools must:

• Implement web filtering and monitoring to protect students from harmful online content [2].
• Establish incident response procedures for cyber threats [3].
• Ensure data protection compliance under UK GDPR when handling student and staff data [4].
• Maintain strong governance and oversight, with governing bodies taking responsibility for cybersecurity [3].

Web Filtering and Monitoring

Under KLS, schools must deploy real-time filtering to block harmful websites while ensuring age-appropriate internet access [2]. Unlike a one-size-fits-all approach, filtering must be flexible enough to allow safe research and learning while preventing access to inappropriate material.

Secure BYOD (Bring Your Own Device) Policies

With the growing use of personal devices in schools, KLS requires robust BYOD policies to manage security risks [4]. Schools must:

• Restrict access to sensitive data on personal devices.
• Use network segmentation to isolate BYOD devices from critical school infrastructure.
• Ensure staff and students follow Acceptable Use Policies (AUPs) for personal devices.

Data Protection and Cyber Resilience

Schools are responsible for protecting sensitive data, including student records, safeguarding reports, and exam results [3]. To comply with KLS:

• Implement multi-factor authentication (MFA) for staff access.
• Encrypt sensitive data both in transit and at rest.
• Maintain regular backups and test restoration processes [3].

2. Comparison: KLS (Wales) vs. KCSIE (England)

While both KLS (Wales) and KCSIE (England) focus on safeguarding, there are notable differences in their approach to cybersecurity:

Aspect	KLS (Wales)	KCSIE (England)
Web Filtering & Monitoring	Must be age-appropriate and reviewed regularly [2].	Schools must ensure “appropriate filtering and monitoring” but have more flexibility [5].
Cybersecurity Governance	Governing bodies must oversee cybersecurity risks and ensure compliance [3].	SLT and DSL (Designated Safeguarding Lead) typically handle cyber policies [5].
BYOD & Device Security	Requires strict policies and network separation for personal devices [4].	Schools must consider BYOD risks but policies vary per institution [6].
Incident Response	Schools must have formal cyber incident response plans [3].	Schools should report cyber incidents but response plans are not mandatory [7].

KLS provides more structured guidance on cybersecurity, ensuring Welsh schools have clearer accountability and safeguards in place compared to KCSIE.

3. How Schools Can Meet KLS Cybersecurity Expectations

Implementing Strong Access Controls & Monitoring

• Deploy firewalls, endpoint protection, and intrusion detection systems.
• Ensure monitoring tools flag suspicious behavior for safeguarding staff [2].
• Use Mobile Device Management (MDM) for school-owned devices [8].

Aligning Cybersecurity Policies with Safeguarding

• Develop clear Acceptable Use Policies (AUPs) that include cybersecurity expectations [4].
• Train staff and students on digital safety and responsible internet use [3].
• Conduct annual risk assessments of IT systems and policies [9].

Staff and Learner Training in Digital Resilience

• Provide regular cybersecurity training for teachers and IT teams [3].
• Educate students about phishing, scams, and AI-generated risks [10].
• Ensure SLT and governors understand their cybersecurity responsibilities [3].

4. Going Beyond Compliance: Aligning with Cyber Best Practices

Cyber Essentials (UK Government-backed certification)

✅ Covers basic security controls to prevent cyberattacks.
✅ Aligns with KLS by ensuring strong password policies and secure network access.

Cyber First Schools (NCSC Initiative)

✅ Encourages cybersecurity education alongside compliance.
✅ Helps students develop practical cyber resilience skills [3].

ISO 27001 (International Information Security Standard)

✅ Provides a structured approach to managing cybersecurity risks.
✅ Ensures compliance with GDPR, safeguarding policies, and KLS security expectations.

Conclusion & Next Steps

Keeping learners safe online is a shared responsibility between IT teams, SLT, and safeguarding staff. Welsh schools should:

• Review and update cybersecurity policies annually.
• Align web filtering and monitoring with KLS expectations.
• Train staff and learners in digital safety and resilience.
• Consider Cyber Essentials or ISO 27001 to go beyond compliance.

📩 Need support aligning your school’s cybersecurity with KLS? Get in touch for consultation and guidance on meeting safeguarding expectations while strengthening your cyber resilience.

---

References

1. Keeping Learners Safe - Welsh Government
2. Web Filtering and Online Safeguarding - Hwb
3. Cyber Security in Schools: Questions for Governing Bodies and Management Committees - Hwb
4. Bring Your Own Device Guidance - Hwb
5. Keeping Children Safe in Education (KCSIE) 2024 - England
6. Appropriate Filtering for Education Settings 2024
7. Appropriate Monitoring for Schools 2024
8. Web Filtering Considerations for Apple iOS Devices - Hwb
9. Planning and Management Guidance - Hwb
10. Generative AI: Keeping Learners Safe Online - Hwb