School Risk Management: Ensuring Safety

Risk management is an important component of the governance regime of a school, yet for many schools, there is a struggle to operationalise it.  Many school staff find it difficult to identify and record risks so the school can respond to developing issues and put in place contingent actions and tasks to mitigate the impact of the captured risk. This problem is amplified by the complex nature of risk and the limited investment into professional development around risk in schools.

Enabling effective risk management through GRC: Governance, risk and compliance

Governance, Risk and Compliance (GRC) is a term more familiar to businesses than schools. The principle of GRC is that it enables organisations to collaborate, bringing together information and activities that when combined, enables better risk predictability, accuracy and response.

In reference to data privacy, technology and safeguarding, GRC can be defined as:

Governance: Ensuring that activities associated with privacy, technology and safeguarding are managed in a way that supports the schools objectives and obligations. This includes things like managing the school privacy programme, IT operations and ensuring that any harm from the use of technology is identified and interventions are in place.

Risk: Ensuring that any risks associated with privacy, technology and safeguarding activity are identified and treated in accordance with the school’s policies and objectives. In relation to privacy this means having processes such as identifying and completing the need for DPIAs to then manage processing activities that are of a higher risk. With IT operations, it's about having an IT risk management process and safeguarding, capturing the risks that have an impact on maintaining a safe learning environment.

Compliance: Ensuring the school’s activities operate in a way that meets the requirements of standards, laws and regulations. This means ensuring there are appropriate controls in place that generate evidence to demonstrate activities in privacy, technology and safeguarding that are operating as expected. And where there are controls, audits can take place to confirm the accuracy of the controls. In relation to privacy, this could check that data is transferred securely. In IT, reports are generated on the number of cyber vulnerabilities that need to be patched. And in safeguarding, questions on AI, learning velocity, online relationships, digital footprint impact and tracking are adequately answered prior to technology being used by students.

GRC is therefore a wider concept than risk management. Whilst risk management is managed through in many cases, a spreadsheet, GRC is an evolution of that spreadsheet into a platform that enables collaboration and management of risk. With privacy laws such as the GDPR, FERPA, PDPA and APPI requiring the active identification, management and control of privacy and technology risk, the need for a platform rather than a spreadsheet is fundamental to success.

Advancing risk management with GRC; Where to start?

9ine's GRC solution adapts risk management from static spreadsheets, to an easy to use collaborative platform which allows for risk identification, assessment and treatment. The key to success is to start small, implementing a phased approach. With the 9ine Platform, schools can start streamlining their privacy activites, and expand to include technology and safeguarding. With multiple modules that interact, schools can consolidate their GRC activities, automate reminders for risk assessments, collaborate with colleagues across departments, simplify reporting, actively update risk registers, track mitigation, and lessons learnt.

Risk management in the 9ine Platform brings a new dimension to enabling your school to operationalise risk. It allows you to capture all your privacy, technology and safeguarding risks, identify mitigating actions to reduce those risks and allocate those actions to individuals within your organisation so you can manage the treatment of those risks.

To learn more about 9ine's risk management solutions or to schedule a free demo of the 9ine Platform please get in touch.