UCRF Tool Suite · World First · Free

University Cyber Resilience Tools

Three free tools built on the University Cyber Resilience Framework — the world's first cyber resilience methodology designed specifically for higher education. UK · US · EU · India.

May 2026 — Canvas breach active: ShinyHunters accessed 3.65TB across 8,809 institutions in 50+ countries. Every tool in this suite benchmarks your institution against the control gaps that allowed this breach to escalate.
Tool 01 · Self-Assessment
UCRF Self-Assessment
Web app · 10 min · Free

25 questions · 6 UCRF pillars · Instant gap analysis · ISO 27001, GDPR, FERPA, GLBA, UKRI mapped · Benchmarked against the May 2026 Canvas breach.

World First UK · US · EU · India
Start Free Assessment →
Tool 02 · Vendor Risk
Vendor Risk Audit Template
Excel workbook · Free download

45 questions · Auto-scoring RAG status · ISO 27001 A.5.23, GDPR Art.28, HECVAT, FERPA, NIS2 mapped · Board-ready summary tab.

Most Downloaded Auto-Scoring
Download Template → Request Facilitated Audit
Tool 03 · Tabletop Exercise
AI-Powered Tabletop
Live web app · AI adaptive · Free

AI injects adapt to your tech stack · Role cards for VC, CISO, DPO, Registrar · Live UCRF radar · ICO 72hr clock · Instant branded report.

AI-Powered Live Dashboard
Launch Tabletop → Book Facilitated Session
The Framework

6 Pillars of University Cyber Resilience

Every tool maps to the same 6 UCRF pillars — assessment, vendor audit, and tabletop all speak the same language.

01
Cyber Governance
Board-level accountability, risk appetite, CISO reporting line, governing body oversight.
02
Data Protection & Privacy
GDPR/UK GDPR, FERPA, DPO function, student data, DSAR process, LMS data governance.
03
Supply Chain & Vendor Risk
Third-party DPA reviews, HECVAT, SaaS onboarding, edtech vendor assessment, AI tool procurement.
04
Incident Response & BCP
IR plan currency, tabletop cadence, ICO 72-hour, NIS2 24/72-hour, FERPA breach notification.
05
Access Control & Identity
MFA coverage, Azure AD/Entra ID hygiene, privileged access, legacy authentication, CMMC Level 2.
06
Compliance & Certification
Cyber Essentials+, ISO 27001, CMMC, UKRI, NSF/NIH, Horizon Europe, sector benchmarking.
Why UCRF

Built for universities.
Not adapted from elsewhere.

Generic frameworks ask the wrong questions. UCRF asks what matters to a VC, DPO, and CISO — UK, US, EU, or India.

  • ⚖️

    HE-Specific Regulatory Mapping

    FERPA, GLBA, CMMC (US) · GDPR, NIS2, Horizon Europe (EU) · ICO, UKRI, OfS (UK) · UGC, DPDP Act (India).

  • 🔧

    Real Technology Stack Awareness

    M365, Azure AD, Canvas, Banner/SITS, Pure, AWS, Palo Alto, Darktrace, Copilot — named systems used by real institutions.

  • 🤖

    AI Governance Included

    Shadow Copilot use, ChatGPT student data risks, AI procurement without governance — threats no generic framework covers.

  • 🎓

    Governance Role-Aware

    Different information for VC, CISO, and DPO — simultaneously. Just like a real incident.

91%of UK HEIs experienced a cyber incidentDSIT Cyber Security Breaches Survey 2025
63%increase in university cyber attacks — Nov 2024 to Oct 2025Quorum Cyber, November 2025
76%of university staff receive no AI tool training despite 92% student adoptionJisc, 2025
$2.3Maverage cost of a US higher education data breachIBM Cost of a Data Breach Report 2025

Know where your institution stands

Start with the free UCRF Self-Assessment. 10 minutes. Instant results. No obligation.

Start Free Assessment → Book Discovery Call
WhatsApp Connect