On this page
Why reporting cyber risks is important#
When risks are reported to the right people, those and the potential impact to your school become more visible. This means decision-makers can choose the best course of action to address the risk.
Who to inform of cyber risks#
Exactly who needs to be informed at each risk level should be agreed with your school board.
For example, a board may only be concerned with very high risks. Low or operational risks can then be recorded in your risk register and monitored by your senior leadership at regular meetings.
If you’re unsure how to identify and record your cyber risks, see the following guidance.
When to report cyber risks#
Like any other risk management process, such as health and safety, there is a threshold where you need to report risks to the right people. You will need to agree on this threshold with your board.
For example, the board might want to know about very high risks immediately. Medium risks can be reported on during each board meeting.
You should report on your risk register at each board meeting to track any changes in risk ratings.
How to report cyber risks#
Your school may already have a template for how you report risks to your board. If not, use the template below.
Risk register template