Systems & Security — Colearn Academy

Purpose of this site

This site supports Colearn Academy’s governing board and authorizers by presenting our information security and cybersecurity program in one place. We are in the phase of proving compliance: we have completed the work (policy set and self‑assessment) and are ready to show it.

For South Carolina’s SAFE K‑12 program, the expectation is that we complete a cybersecurity assessment by March 31st, 2026 and use the results for planning and budgeting. This site holds our policy set and our assessment evidence so we can show compliance by that date.

Where we stand

Colearn Academy has completed a CIS Controls assessment using CIS‑Hosted CSAT, documented current implementation status and gaps, drafted a full policy set aligned to CIS Implementation Group 1 (IG1), and is bringing those policies to the governing board for approval. We will use the CSAT results to prioritize our 2026–27 cybersecurity budget and SAFE K‑12 implementation roadmap.

What’s here

CIS CSAT assessment (complete)

Our self‑assessment against the CIS Critical Security Controls is complete. The report documents which controls have written policy, implementation status, and evidence. This is the evidence packet we use to show “assessment complete” for SAFE K‑12 and in conversations with Limestone, Erskine Charter, or SCDE.

Download CIS CSAT report (CSV)

Information Security & Cybersecurity Program Policy

Our overarching policy: purpose, scope, governance, framework alignment (CIS Controls IG1, NIST CSF), assessment and roadmap, and review process. This and the topic‑specific policies below are being brought to the board for approval.

Read the full policy →

All policies & standards

Topic‑specific policies and standards (asset management, identity & access, data protection, vulnerability management, logging, email/web/endpoint protection, backup & recovery, vendor security, awareness & training, incident response). Together with the program policy above, they form the policy set for board adoption.

View all policies → · Download as Markdown

What’s next

The expectation from SCDE, as communicated to the Director of Technology, is that we be able to prove that the policies are en route to being approved officially. That means:

Placing the policy set on the governing board agenda for formal consideration.
Obtaining board adoption (whether as final policies or interim policies pending minor updates).
Being able to show SCDE and authorizers that adoption is in progress or complete when they ask for documentation.

This site, together with the completed CSAT assessment and the policy drafts here, demonstrates that we have done the assessment and have a full policy set ready for board action—so we can show that policies are en route to official approval.