ESFA New Contract Framework

The Education and Skills Funding Agency's contract framework now requires education and training providers to implement recognised information and cyber security Standards.

As a specialist certification body with over 20 years' experience working with the education & training sector, Centre for Assessment can provide relevant, reliable and robust certification for your organisation.

Read on to find out more about the ESFA requirements and how we can help you comply.


ESFA Webinar

On 6th May, 10-11a.m., our Director, Dave Harrison, will present a webinar on ESFA requirements.  Use the link below to book your free place.

ESFA requirements
What are the new requirements?
In May 2019, the ESFA published its new contract framework for further education funding. Schedule 7 of the framework sets out requirements for education and training providers to demonstrate conformance to ISO 22301 and ISO 27001.

Colleges and others are not yet required to achieve formal certification to these international Standards by a prescribed date.  However, implementing the ISO 22301 and ISO 27001 Standards and preparing for a compliance audit is something you should consider. 

The ESFA requirements also state that education and training providers require Cyber Essentials certification from the 2021/22 academic year.


Request a Quote
Have a Question?

Speak to our team on 0161 237 4080

Who needs to meet the new contract framework?

ESFA requirements for Cyber Essentials certification and ISO 22301 and ISO 27001 implementation is required for these organisations:  

  • Sixth-form and FE Colleges
  • Universities and other higher education institutions
  • Local authorities
  • Training providers subject to ESFA funding
  • Trusts
Request a Quote
ISO 27001 - Information Security Management
To gain ISO 27001 certification, your organisation will need to demonstrate that it has identified and assessed potential security risks to confidential information and data you hold. You also need to have taken steps to ensure these risks are mitigated and that security controls are fit-for-purpose within your context.

An ISO 27001 audit with Centre for Assessment, a UKAS-accredited* certification body, is based on a 3-year certification cycle.  Your initial audit will be completed in two stages and the rules of the scheme require annual review audits.  Contact us to find out more about how the certification process works.

*UKAS is the United Kingdom Accreditation Service which ensures we have the technical competence to provide certification services

Request a Quote
ISO 22301 - Business Continuity Management
ISO 22301 provides a framework to help you prepare for disruptive or unexpected incidents that can threaten operational continuity. The Standard requires risk assessments and related procedures to be in place so that you are protected in times of adversity.

The great upheaval caused by the current Coronavirus pandemic is a clear demonstration of the need to have continuity plans in place.  ISO 22301 certification is the benchmark of an education service that seeks to continue fulfiling its obligation to students even in the most challenging of times.

Centre for Assessment provides robust certification audits to ISO 22301 at very competitive costs.

Have a Question?

Speak to our team on 0161 237 4080

Cyber Essentials
The ESFA's framework requires FE, HE and training providers to hold Cyber Essentials certification for the 2020/21 funding year, progressing to Cyber Essentials Plus for 2021/22.

Cyber Essentials is a government-backed scheme that helps organisations protect themselves against cyber threats.  It is a simple but effective accreditation that enables you to identify risk and implement measures to prevent breaches.

Cyber Essentials Basic is a self-assessment option.  Centre for Assessment will review your self-assessment submission and provide certification if you meet the requirements of the scheme.  This will give you peace of mind that you have controls in place and are guarded against cyber crime. Fixed price: £300+VAT

Cyber Essentials Plus is a more thorough version of the scheme.  After you have submitted your self-assessment, we will arrange for a practical verification of your systems to take place, giving you reassurance that you have taken appropriate measures. Fixed price: £2,500+VAT

Whichever option you prefer for your organisation, Centre for Assessment will ensure that your certification is completed quickly, smoothly and rigorously.

Request a Quote
How much does ISO certification cost?
A member of our Business Development team will be pleased to produce a bespoke, no-obligation ISO certification proposal for you, taking into account factors such as the number of employees and the complexity of your organisation.
Centre for Assessment normally quotes for the whole of the three-year certification cycle but we do not lock clients into a recurring contract or expect any payments in advance of the audit. You only pay for each audit once it is completed.
Request a Quote
What Our Customers Think

'Myself and colleagues who worked on the project were all impressed with how professional the entire assessment process was from our initial first meeting, through to the award of our certificate.'

Geneva, London

'Centre for Assessment is a very capable organisation that is able to move quickly to provide audits in timescales required by clients. The auditors are very proficient and a pleasure to work with.'

Liam, Birmingham

'As a company we are so impressed with the overall service provided by Centre For Assessment. It is a pleasure to deal with auditors who are knowledgeable and approachable.'

Susan, Glasgow

ISO Certification and Audit Process
  • 1
    Develop and Implement your Management System

    You may choose to hire a consultant to help you design and implement your ISO Management System.  You could also use Centre for Assessment to provide a pre-assessment service. Alternatively, you may choose to move forward without seeking external support.

  • 2

    Submit an application form online to receive a no-obligation audit proposal for your organisation. If you don't have time to complete this, give us a call and a member of our Business Development team will be happy to help you.

  • 3
    Make Arrangements

    You will be allocated a specialist, experienced auditor with knowledge of the education sector.  S/he will contact you to introduce themselves, discuss arrangements and book dates for your audit.

  • 4
    Audit Stage One

    The Stage One audit will involve a review of the documents relating to your Management System. Stage One also explores your readiness to move on to Stage Two.

  • 5
    Audit Stage Two

    The Stage Two audit looks at the effectiveness of your Management System, ensuring it is
    successfully implemented and fully operational.

  • 6

    Following a technical review by a decision-maker, you will be issued a certificate that is valid for three years. You can advertise the fact that you are certified to the Standard and use the appropriate ISO logo on your website.

  • 7
    Annual Audit

    At 12 and 24 months, review audits will be completed to ensure you are still compliant with the ISO Certifications. These will be arranged directly with your auditor.

Make an enquiry

(in the legally correct form)

Company Address *

Select all relevant areas

Latest News
Are you ready to get ISO Certified?
Submit your interest to obtain a free quote from us, we'd be happy to provide you with any further information you may need.
Request a Quote