CERT-In’s New Cyber Security Audit Guidelines: What Schools Need to Know

The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, has released the Comprehensive Cyber Security Audit Policy Guidelines (Version 1.0, July 2025). These guidelines provide a structured framework for schools, colleges, and educational institutions to enhance their cyber security posture, ensuring the safety of student data and digital infrastructure.

Why This Matters for Schools

With the increasing reliance on digital platforms for learning and administration, educational institutions are prime targets for cyber threats. The guidelines emphasize:

• Annual audits of IT systems, including networks, applications, and cloud infrastructure.

• Secure development practices for apps and software used in schools (e.g., learning management systems).

• Compliance with CBSE/NCERT IT policies and alignment with national cyber security standards.

Key Takeaways for Educators & Administrators

1. Mandatory Audits: Schools must conduct yearly cyber security audits covering IT infrastructure, apps, and databases.

2. Student Data Protection: Strict protocols for handling sensitive student information and preventing breaches.

3. Third-Party Risk Management: Vendors providing ed-tech tools must comply with security standards.

4. Incident Reporting: Immediate reporting of cyber incidents to CERT-In.

Action Steps for Schools

• Review IT policies against CERT-In’s guidelines.

• Train staff on cyber hygiene and secure data practices.

• Collaborate with empaneled auditors for compliance.

Read the full guidelines here: CERT-In Cyber Security Audit Policy