The cyber and AI governance pack for independent schools
A school cyber and AI policy template should do two jobs: show the board the controls are in place, and give staff a clear line on how AI and data may be used.
EthosOne's free Cyber and AI Governance Pack covers both. It pairs a practical cyber control checklist with a set of AI principles and a self-check, and data management principles, so a school can demonstrate posture to its board without buying a whole security platform first.
What goes in a school cyber and AI policy?
At minimum, three things: the controls you rely on and who owns them, the principles that govern how staff and students may use AI, and how personal and sensitive data is handled and retained. The pack gives you a starting position for each, written for a school rather than a corporate IT department.
The point is not a long document nobody reads. It is a short, owned set of commitments the board can see, the staff can follow, and you can evidence when a parent, an auditor or an insurer asks.
Cyber control checklist
The controls a school is expected to hold, each with an owner and a review point.
AI principles and self-check
A clear line on acceptable AI use, with a self-check to find where you stand.
Data management principles
How personal and sensitive data is handled, shared and retained.
Is cyber and AI a board issue or an IT issue?
Both, but the accountability sits with the board. Cyber and AI risk is now a standing part of a school's risk position: a breach or a misuse of AI is a governance and reputational event, not just a technical one. The board does not run the controls, but it must be able to see that they exist and are owned.
That is why this pack is written to be board-legible. It turns a technical subject into a short assurance picture a director can read, while still giving the people who run the controls something concrete to work from.
Frequently asked questions
Is the cyber and AI governance pack really free?
Yes. The pack is a free download for independent schools. Tell us where to send it and it is yours, no obligation.
Do we need an IT team to use it?
No. It is written for a school, not a corporate security function. The checklist and principles are practical enough for a business manager or principal to work through and assign owners.
How does this connect to the rest of our governance?
Cyber and AI is one category in your overall risk position. In EthosOne the controls, owners and reviews run live and roll up into the same board reporting as the rest of your risk and compliance picture.
The cyber and AI governance position your school can adopt this term
Download the Cyber and AI Governance Pack: a control checklist across Identify, Protect, Detect, Respond and Recover, five school-ready AI principles, and ten data principles a board can endorse. Built for independent schools. Free.