School Risk Management - Ensuring Safety

Risk management is an important component of the governance regime of a school, yet for many schools, there is a struggle to operationalise it.  Many school staff find it difficult to identify and record risks so the school can respond to developing issues and put in place contingent actions and tasks to mitigate the impact of the captured risk. This problem is amplified by the complex nature of risk and the limited investment into professional development around risk in schools.

Enabling effective risk management through GRC

Governance, Risk and Compliance (GRC) is a term more familiar to businesses than schools. The principle of GRC is that it enables organisations to collaborate, bringing together information and activities that when combined, enables better risk predictability, accuracy and response.

In reference to data privacy, technology and safeguarding, GRC can be defined as:

Governance: Ensuring that activities associated with privacy, technology and safeguarding are managed in a way that supports the schools objectives and obligations. This includes things like managing the school privacy programme, IT operations and ensuring that any harm from the use of technology is identified and interventions are in place.

Risk: Ensuring that any risks associated with privacy, technology and safeguarding activity are identified and treated in accordance with the school’s policies and objectives. In relation to privacy this means having processes such as identifying and completing the need for DPIAs to then manage processing activities that are of a higher risk. With IT operations, it's about having an IT risk management process and safeguarding, capturing the risks that have an impact on maintaining a safe learning environment.

Compliance: Ensuring the school’s activities operate in a way that meets the requirements of standards, laws and regulations. This means ensuring there are appropriate controls in place that generate evidence to demonstrate activities in privacy, technology and safeguarding that are operating as expected. And where there are controls, audits can take place to confirm the accuracy of the controls. In relation to privacy, this could check that data is transferred securely. In IT, reports are generated on the number of cyber vulnerabilities that need to be patched. And in safeguarding, questions on AI, learning velocity, online relationships, digital footprint impact and tracking are adequately answered prior to technology being used by students.

GRC is therefore a wider concept than risk management. Whilst risk management is managed through in many cases, a spreadsheet, GRC is an evolution of that spreadsheet into a platform that enables collaboration and management of risk. With privacy laws such as the GDPR, PDPA and APPI requiring the active identification, management and control of privacy and technology risk, the need for a platform rather than a spreadsheet is fundamental to success.

Advancing risk management with GRC, where to start

GRC adapts risk management from static spreadsheets, to an easy to use collaborative platform which allows for risk identification, assessment and treatment.  The key to success is to start small, implementing a phased approach. 9ine’s GRC platform for schools starts with privacy, and will extend to technology and safeguarding. The first module, privacy, includes aspects of technology and safeguarding, meaning that colleagues in these areas can be introduced to GRC in an area they feel comfortable with, that isn’t overwhelming, but is central to their roles and adds value to their day-to-day work.

Risk management as part of the 9ine App

Risk management in the 9ine App brings a new dimension to enabling your school to operationalise risk. It allows you to capture all your privacy, technology and safeguarding risks, identify mitigating actions to reduce those risks and allocate those actions to individuals within your organisation so you can manage the treatment of those risks.

 

To learn more about Risk management or 9ine’s GRC App, get in touch.

Book a Consultation

Let’s Stay in Touch

Subscribe to our newsletter to receive product announcements & other updates.

footer-illustration