Security and privacy audit

School data security
and privacy consulting

for K-12 schools

Data should be close to the top of the list when thinking about the most important assets that schools possess. Just consider the huge amounts of sensitive information – concerning students, staff, parents and suppliers – that schools hold. It’s vitally important to protect this data from loss, theft and unauthorised disclosure, as failure to do so may result in huge penalties – including notifiable data breaches, reputational damage and in severe cases, regulatory fines.

Information security should be a whole-of-school responsibility, yet it often falls upon an IT department alone to implement the necessary processes and controls to safeguard data. We can help get your whole school on track with data security.

1-day privacy and security express audit

Starting your information compliance journey can be a daunting task, especially for schools (who’s primary task is actually the students, not the IT network!). It’s common forschools to have many fundamental questions when starting to look at privacy and security that often aren’t answered through traditional audit partners, such as:

Privacy & security in schools

Which laws apply to us and what do they say?

click the edit button to change this text.

Where are schools most vulnerable?

click the edit button to change this text.

How can we structure our efforts?

click the edit button to change this text.

Where do we start?

click the edit button to change this text.

Our 1-day privacy and security express audit includes:


A pragmatic review of your security and privacy practices, including point checks, targeted at key risk areas for schools.


After our 1-day Express Audit, you will receive a high-value and actionable assessment of your immediate security and privacy needs.

Buy-in creation

Your executive will benefit from an in-person briefing on the school’s security and privacy obligations tailored to an education environment to help you gain buy-in from the whole school.

International expertise

Daryll Holland (SPS’s data privacy consultant) is an international data privacy and security specialist with 20 years in the education space.

Having worked with a range of schools, Daryll has experiences to share that are pertinent, and made the current and future privacy legislation and security concerns real for us.

It was refreshing to hear from someone that had worn the responsibility for implementing privacy and security changes from inside of a school environment.”

Evan Hughes, Head of ICT, Shire Christian School

About Daryll

Daryll Holland is a GDPR Certified Privacy Practitioner and has 20 years of international experience in education IT. He has extensive compliance experience including the implementation of GDPR and a comprehensive information security programme across one of the top Multi-Academy Trusts in the UK.

Custom solutions and further consulting

We can provide a range of consulting engagements in the data privacy and security portfolio, including:

  • In-person or remote privacy training (Australian Privacy Act, New Zealand Privacy Act, GDPR)  
  • Introductory e-Learning courses covering privacy and security (for the whole school)
  • Development and review of 3rd party vendor assessments on behalf of the school
  • Keynote speaking engagements 
  • IT organisational change and digital transformation 

If your school can use a helping hand in any of these (or related) areas, just full in the form below.



Want to book your audit, or ask a question?

Just leave your details in the form below.