By visiting our site, you agree to our privacy policy regarding cookies, tracking statistics, etc.
This guide provides best practices for higher education institutions when engaging with Local Community Organizations (LCOs) in practical cybersecurity education, especially as part of the Google.org Cybersecurity Seminars.
We first outline what we mean by an LCO, and why LCO engagement matters for cybersecurity education. Not only is LCO engagement a boon for student education and training, but it also improves the cybersecurity posture of smaller, underserved organizations that face the same local and national threats as those of larger organizations.
We then show how carefully considering and planning for LCO engagement is relevant throughout the whole lifecycle of the Google.org Cybersecurity Seminars, and explain how higher education institutions can create fruitful working relationships with LCOs, whilst keeping all parties safe.
We then separate LCO engagement into 3 steps:
Prior to LCO engagement, we encourage you to assess LCO needs and student skills, establish expectations, conduct benchmarking, develop crisis plans, and implement relevant security protocols.
During engagement, we encourage you to maintain regular communication between all parties, act with professionalism and empathy, ensure swift crisis response if needed, and handle all data and communications securely.
After engagement, we encourage you to measure impact through interviews, student reflection, compile reports, and anonymize data. You may consider supporting ongoing LCO needs and incorporating learnings to refine future courses and projects.
Following the step-by-step guide, we provide a summary of key template documents. These templates should be adapted by higher education institutions for their specific needs, geographic and cultural context, and only used after legal and managerial review and approval by each institution and all other relevant stakeholders.
Overall, engaging with LCOs is a crucial aspect of the Google.org Cybersecurity Seminars program. It offers valuable benefits, including practical experience for students and the opportunity to address real-world challenges. By collaborating with LCOs, universities can foster mutually beneficial relationships that enhance community impact while developing student skills. Building trust and open communication is crucial to creating fruitful working relationships, ensuring that both students and LCOs feel supported. These partnerships help cultivate long-term engagement, create meaningful change, and provide a framework for addressing local issues in a respectful, non-judgmental manner.
LCOs are small, locally focused organizations that often lack the cybersecurity resources of larger entities but face similar threats, including nation-state attacks and criminal ransomware. National or multinational corporations, or public agencies or entities operating at a national level, are not LCOs.
Some examples of LCOs are:
LCO engagement through the Google.org Cybersecurity Seminars program benefits both students and LCOs. For students, LCO engagement provides a valuable opportunity to apply their academic knowledge to real-world situations, gaining practical experience that enhances their skills and employability. LCOs, in turn, benefit from the cybersecurity expertise and advice that students bring, helping them improve their cybersecurity awareness, strengthen their defenses, and ensure they are better equipped to handle potential threats. This collaboration can foster a deeper relationship between the higher education institution and the community, creating a shared commitment to enhancing cybersecurity resilience.
However, there are inherent risks involved when students engage with LCOs, which can affect all parties involved. For students, working with external organizations could expose them to legal, privacy, or security concerns, while LCOs may face unintended data breaches or mismanagement of sensitive information during student projects. Higher education institutions must also be cautious, as incidents could damage their reputation or lead to legal ramifications. As such, careful planning, clear guidelines, and appropriate supervision are essential to mitigate these risks and ensure a positive and secure experience for all parties involved.
To ensure students have a productive and impactful collaboration with local community organizations, we recommend following these three key steps for successful LCO engagement, and utilizing the associated documents where relevant.
Before LCO engagement, understanding the needs of LCOs and assessing student skills are crucial to set a strong foundation for targeted and effective collaboration.
Higher education institutions should thoroughly understand the specific needs of LCOs and match them to the skill sets of participating students. Benchmarking the competencies of both students and LCOs is an effective approach to ensure that everyone is well-prepared for the engagement. For students, higher education institutions should assess how far students have acquired the practical cybersecurity skills developed through the Google.org Cybersecurity Seminars, and how far they are capable of applying them in real-world contexts. For LCOs, higher education institutions should align their forms of student assistance offered to specific LCO needs, as well as incorporating additional requests where possible.
In addition to benchmarking, students should research their assigned LCOs with the guidance of their supervisors. This research should include a review of any past cyber incidents or vulnerabilities that the LCO has experienced. By understanding these past events, students can better prepare for potential challenges and contribute to a more effective engagement focused on finding solutions.
Students and supervisors should take appropriate steps to protect devices, software, and hardware before engagement. Students should be aware of best practices for safeguarding LCO systems, such as securing endpoints, encrypting sensitive data, and keeping software updated. Any hardware or software used by students during the project must adhere to established security standards to prevent vulnerabilities. Additionally, both students and LCOs should discuss any specific technologies or protection measures in place at the LCOs. It is essential for both parties to understand their responsibilities in maintaining security throughout the engagement.
In addition to good cybersecurity practices, higher education institutions should prioritize the personal safety and well-being of students participating in LCO engagement. For example, they should establish an anonymous hotline or reporting mechanism for students to express concerns about harassment, non-cybersecurity threats, or any situations that make them feel unsafe while working with LCOs. This hotline should ensure confidentiality and respond promptly to reports, providing students with a safe space to voice their concerns without fear of retaliation. Supervisors and program coordinators should make sure all students are informed about this resource and encouraged to use it as needed.
Finally, higher education institutions should set clear and realistic expectations for both LCOs and students, including a crisis management plan. Both students and LCOs should agree on the desired length, format, and outcome of engagement. It is important to set up regular points of contact from the start, allowing students and LCOs to seek guidance or report issues as they arise. In addition, the crisis management plan should outline steps to take in the event of an incident, whether cybersecurity-related or not.
Key documents to consider developing at this stage include:
By focusing on these preparatory steps—understanding needs, setting expectations, ensuring protection, and providing safety resources—the engagement can proceed with all parties aligned, informed, and well-prepared to handle any challenges that may arise.
During LCO engagement, maintaining effective communication and conducting regular assessments ensures that both students and LCOs can navigate challenges and work towards shared goals.
Throughout the engagement, the higher education institution must ensure regular and open communication between all parties—students, supervisors, and LCOs. This can be achieved by implementing check-in protocols via reliable, secure methods of communication. Keeping these communication channels open will facilitate a swift response to any concerns or challenges during the engagement. For remote collaboration, encrypted communication tools should be used to protect sensitive information. Additionally, as mentioned earlier, an anonymous reporting line could be provided for students to safely raise any serious concerns or issues that may arise during the engagement.
If a critical issue arises, it is important to quickly activate the pre-established crisis management plan. Immediate actions should be taken to protect everyone involved, ensuring that both LCOs and students receive the necessary support to address any potential incidents.
After LCO engagement, evaluating the impact and gathering feedback is essential for refining future engagements and fostering continuous improvement.
Once the engagement concludes, the focus should shift to measuring the impact on both students and LCOs. Conducting exit interviews with students and LCOs can help assess their experiences, the value derived from the collaboration, and areas for improvement. This feedback should be compiled into a detailed Impact Report, ensuring all collected data is anonymized, and handled in compliance with local and national data protection regulations.
Students should be encouraged to participate in a period of reflection through a Student Self- & Peer-Evaluation process. This allows them to critically assess their performance and the contributions of their peers, fostering deeper learning and professional growth. Such reflection is key to solidifying their understanding of the challenges faced, and how they applied their skills in real-world contexts.
Where feasible, the higher education institution should assist LCOs with any ongoing needs that emerge from the findings. While the engagement may be formally concluded, the institution could help LCOs connect with additional resources or follow-up support.
Finally, insights gained from both student reflections and LCO feedback should be used to refine future Google.org Cybersecurity Seminars and other programs. Key lessons learned can be incorporated to improve the structure, delivery, and content of the program, ensuring it evolves and adapts to better meet the needs of all participants in future engagements. Continuous learning and adaptation will strengthen the program and foster more impactful outcomes in subsequent collaborations.
Creating an Intake Questionnaire for LCOs participating in the program can enhance information gathering to support:
It is essential to ensure students approach information gathering with professionalism and empathy, and avoid judgment. The Google.org Cybersecurity Seminars program is a supportive service aimed at strengthening the local community, rather than highlighting flaws.
It is important to have a document detailing the general scope of engagement between higher education institutions, students, and LCOs. Clarifying, setting, and managing expectations before any work has been done ensures a fruitful, clear, and trusting working relationship going forward. It also ensures that there are no “unspoken rules” and unclear expectations.
Document 2 can serve as the basis of one of the following:
ACRONYM | FULL NAME | GENERALLY CONTAINS |
SoE | Scope of Engagement | Information about what work needs to be done, and by whom (tasks and deliverables) |
SoW | Statement of Work | Information included in the scope, as well as critical project and contractual details Typically a legally binding document |
MoU | Memorandum of Understanding | Shared understanding / intent between parties Typically non-binding |
RoE | Rules of Engagement | How parties should interact or respond in certain situations |
An NDA (Non-Disclosure Agreement), also known as a confidentiality clause, is a contract between the higher education institution and the LCO that establishes a confidential relationship.
In the context of the Google.org Cybersecurity Seminars, NDAs may be unilateral or bilateral (mutual). In a unilateral NDA, the LCO discloses information to the higher education institution, which is then obligated to protect that confidentiality. In a bilateral NDA, both parties exchange information, and both parties agree to protect each other’s confidentiality. Some areas to consider are:
A Liability Waiver is a legal document where one party agrees to waive their right to sue, or hold another party legally responsible for injuries, damages, or other such named adverse effects that may occur during an event. A liability waiver can be important as it offers legal protection, serves as documented evidence of accepted risks, and offers financial security and risk mitigation.
A Student Code of Conduct is a set of guidelines and expectations that outline the professional and ethical behavior required of students participating in the clinic. This code ensures that students act with integrity, respect, and responsibility while engaging with LCOs and other stakeholders. It can cover aspects such as maintaining confidentiality, good cybersecurity practices, collaborating effectively with peers and LCO staff, and upholding the reputation of the higher education institution. Adhering to this code not only fosters a positive learning environment but also helps students develop the professional standards necessary for their future careers.
A document detailing Device & Software Protection Best Practices outlines essential guidelines to ensure the security and integrity of both hardware and software systems throughout the engagement. It should include best practices for securing endpoints, including by implementing strong passwords, enabling two-factor authentication, and regularly updating operating systems and software to patch known vulnerabilities. It can also include encryption protocols for sensitive data, regular backups, and antivirus measures, as well as a range of other relevant cybersecurity measures.
A Student Self- & Peer-Evaluation is a reflective tool used to assess individual and team contributions to a project. Students evaluate their own performance as well as that of their peers, focusing on factors such as participation, collaboration, communication, and the quality of work produced. This process encourages self-awareness, accountability, and constructive feedback, helping students identify strengths and areas for improvement. It also promotes a fair assessment of group work, recognizing each member’s contributions and addressing any discrepancies.
This document should be used as a preliminary basis for developing an Intake Questionnaire to best match students to prospective local community organizations. Please make any necessary adjustments for your specific context and consult with your legal team prior to disseminating this document.
Thank you for your interest in collaborating with [Higher Education Institution Name]. This intake questionnaire is designed to help us better understand your organization's needs, goals, and resources. The information you provide will be used to see if what we provide is an appropriate match for your organization, and if so, partner your organization with appropriate student teams and ensure a productive working relationship. Please answer all questions as thoroughly as possible.
This questionnaire should take approximately 30 - 60 minutes to fill in.
Organization Name | |
Address | |
Primary Contact Name | |
Primary Contact Title | |
Primary Contact Phone Number | |
Primary Contact Email | |
Website | |
Social Media Handles (if any) |
Mission Statement | |
Brief Description of Your Organization | |
What type of organization do you represent? | - Small business - Non-profit organization - Educational institution (e.g. school or college) - Government (local or regional) - Healthcare organization (e.g. clinic, hospital - Other (please specify) |
Size of Organization: - Number of Employees - Number of Volunteers - Number of Individuals / Groups Served Annually | |
Years in Operation |
Why did your organization seek assistance from the [Higher Education Institution Name] Google.org Cybersecurity Seminars program? Select all that apply. | - To assess and strengthen the overall cybersecurity posture of our organization - To address specific cybersecurity concerns we are already aware of - To seek specialized cybersecurity education, awareness, and training for our employees - To support the education, training, and development of cybersecurity professionals in our community - Other (please specify) |
If you selected multiple answers in the question above, please state one (1) that is the highest priority. | |
What specific goals or outcomes would you like to achieve through collaboration with our students? | |
Do you have a specific timeline for completing these projects or achieving these goals? | |
Which of the following regulatory standards must your organization comply with? Select all that apply. | - General Data Protection Regulation (GDPR) - Network and Information Security (NIS) Directive and NIS2 - ePrivacy Directive - Cybersecurity Act - ISO/IEC 27001 - Payment Services Directive 2 (PSD2) - Digital Operational Resilience Act (DORA) - Don’t know - Other (please specify) |
What types of devices does your organization use? Select all that apply. | - Organization-issued desktop or laptop computers - Personally owned desktop or laptop computers (BYOD) - Organization-issued mobile devices (e.g., smartphones, tablets) - Personally owned mobile devices (BYOD) |
What types of data storage solutions does your organization use? Select all that apply? | - Cloud-based workspace or storage (e.g., OneDrive, Google Drive, Dropbox) - On-premises backup solution (e.g., local server, data center storage) - Off-site or cloud-based backup solution (e.g., Amazon S3, Google Cloud Storage) |
Does your organization use multi-factor authentication (MFA) for critical accounts? | Yes No Don’t know |
Does your organization regularly update and patch all systems and software? | Yes No Don’t know |
Does your organization have a system in place for access control and least privilege? | Yes No Don’t know |
Does your organization perform regular, secure data backups and test recovery processes? | Yes No Don’t know |
Does your organization provide regular cybersecurity training to employees? If yes, please list what these entail (e.g. provider, topics, frequency). | Yes No Don’t know Further information: |
Does your organization monitor network traffic and log all activities? | Yes No Don’t know |
Does your organization have an incident response plan that is practiced regularly? | Yes No Don’t know |
Does your organization monitor and secure external devices (e.g., USB drives) connecting to the network? | Yes No Don’t know |
Does your organization conduct regular vulnerability scans and penetration tests? | Yes No Don’t know |
Does your organization monitor and secure external devices (e.g., USB drives) connecting to the network? | Yes No Don’t know |
Does your organization have a policy for secure data disposal? | Yes No Don’t know |
Does your organization have an inventory of physical devices, systems, software platforms, applications, and personnel? | Yes No Don’t know |
Does your organization have secure data storage practices in place for both on-premises and cloud environments? | Yes No Don’t know |
Please state your preferred method of engagement with students. | On-site Remote Combination of both |
If engaging on-site, what facilities or resources (e.g. meeting rooms, computers) can you provide for students? | |
What days / times are best for meetings or project work? | |
Are there any restrictions or considerations (e.g. confidentiality, access to certain data) that we should be aware of? |
What are your expectations for the collaboration with our students? | |
How would you define a successful partnership with our higher education institution? | |
Are you open to providing feedback and guidance to students throughout the collaboration? |
Is there anything else you would like us to know about regarding your organization or your needs? |
Thank you for completing this questionnaire. We look forward to reviewing your responses and exploring how we can best support your organization.
This document should be used as a preliminary basis for developing a Statement of Work, Scope of Expectations, Memorandum of Understanding, or Rules of Engagement for local community engagement. Please make any necessary adjustments for your specific context and consult with your legal team prior to disseminating this document.
Scope of Work (SoW) Between [Higher Education Institution Name] and [Local Community Organization Name]
Effective Date: [Insert Date]
Expiration Date: [Insert Date or "Indefinite"]
Entered into and between: [Higher Education Institution Name] (hereafter referred to as "the HEI") located at [HEI address],
and
[Local Community Organization Name] (hereafter referred to as "the LCO") located at [LCO address].
This Statement of Work (SoW) serves to establish a framework for collaboration between the HEI and the LCO. The goal of this partnership is to enhance cybersecurity awareness, practices, and resilience within the LCO through the HEI’s Google.org Cybersecurity Seminars Program. This document outlines the expectations, roles, responsibilities, and scope of work for all parties involved.
2.1. Engagement Activities
The HEI will provide the following services to the LCO:
2.1.1. Cybersecurity Assessments: Conduct vulnerability assessments, risk analyses, and security audits of the LCO's digital infrastructure.
2.1.2. Training and Awareness: Provide cybersecurity training sessions for LCO staff, focusing on best practices, threat awareness, and safe online behavior.
2.1.3. Technical Support: Assist with the implementation of cybersecurity measures, including software installation, network security enhancements, and data protection strategies.
2.1.4. Red Team Exercises: (If applicable) Conduct authorized penetration testing to identify and address security weaknesses.
2.2. Deliverables
The HEI will deliver the following:
2.2.1. Assessment Reports: Detailed reports summarizing findings from assessments, including actionable recommendations.
2.2.2. Training Materials: Customized training materials and resources for ongoing use by the LCO.
2.2.3. Technical Documentation: Documentation for any technical solutions implemented, including configuration settings and user guides.
2.2.4. Final Review: A summary of all activities conducted, outcomes achieved, and next steps for the LCO to continue improving cybersecurity.
3.1. HEI Responsibilities
The HEI agrees to:
3.1.1. Provide Qualified Personnel: Ensure that students and faculty involved are qualified, adequately trained, and supervised.
3.1.2. Adhere to Ethical Standards: Conduct all activities in a professional, ethical, and legal manner.
3.1.3. Maintain Confidentiality: Protect the confidentiality of all information and data accessed during the engagement.
3.1.4. Deliver Timely Reports: Provide timely and comprehensive reports on all activities conducted.
3.1.5. Offer Ongoing Support: Provide reasonable ongoing support to address any follow-up questions or issues arising from the engagement.
3.2. LCO Responsibilities
The LCO agrees to:
3.2.1. Facilitate Access: Provide the necessary access to systems, data, and personnel to enable the HEI to perform the agreed-upon activities.
3.2.2. Participate in Training: Encourage staff participation in training sessions and implement recommended cybersecurity practices.
3.2.3. Provide Feedback: Offer feedback on the effectiveness of the Higher Education Institution’s activities and suggest areas for improvement.
3.2.4. Confidentiality and Data Protection: Protect any sensitive information provided by the Higher Education Institution and ensure compliance with data protection regulations.
3.2.5. Adhere to Agreements: Follow the agreed-upon schedule and scope of work and notify the HEI of any changes in a timely manner.
4.1. Scope and Boundaries
4.1.1. Authorized Activities: The HEI will only perform activities that are explicitly authorized by the LCO.
4.1.2. Red Team Exercises: (If applicable) All penetration testing or similar activities will be pre-approved, with clear rules of engagement and boundaries to avoid disruption of critical systems.
4.1.3. Data Handling: The HEI will handle all LCO data with the highest level of security, following industry best practices for data protection.
4.2. Communication Protocols
4.2.1. Primary Contacts: Designate primary points of contact for both the HEI and the LCO to facilitate smooth communication.
4.2.2. Regular Updates: Schedule regular check-ins and progress reports to keep all parties informed.
4.2.3. Incident Reporting: Establish a process for reporting and responding to any security incidents or breaches that occur during the engagement.
5.1. Confidential Information
5.1.1. Definition: Confidential information includes all non-public information provided by either party, including but not limited to technical data, business processes, and personal data.
5.1.2. Obligations: Both parties agree to protect the confidentiality of such information and use it solely for the purposes outlined in this SoW.
5.2. Data Protection Compliance
5.2.1. Regulatory Compliance: Both parties agree to comply with all applicable data protection laws and regulations (e.g., GDPR, CCPA).
5.2.2. Data Security Measures: The HEI will implement appropriate technical and organizational measures to safeguard LCO data.
6.1. Liability
6.1.1. Limitation of Liability: Neither party shall be liable for indirect, incidental, or consequential damages arising from the activities conducted under this SoW.
6.1.2. Indemnification: The LCO agrees to indemnify and hold the Higher Education Institution harmless from any claims arising out of the LCO’s use of the services provided by the Higher Education Institution.
6.2. Dispute Resolution
6.2.1. Mediation: In the event of a dispute, the parties agree to first seek resolution through mediation.
6.2.2. Governing Law: This SoW shall be governed by the laws of [Jurisdiction].
7.1. Term
7.1.1. Duration: This SoW is effective from [Start Date] to [End Date], unless terminated earlier by either party.
7.1.2. Renewal: The SoW may be renewed upon mutual agreement.
7.2. Termination
7.2.1. Notice Period: Either party may terminate this SoW with [Insert Notice Period, e.g., 30 days] written notice.
7.2.2. Breach of Terms: Immediate termination is permitted if either party breaches the terms of this SoW.
By signing below, both parties acknowledge that they have read and understood this Scope of Work and agree to its terms and conditions.
Role (if applicable): | Name: | Signature: | Date: | |
Higher Education Institution Representative: | ||||
Local Community Organization Representative: |
This document should be used as a preliminary basis for developing a Non-Disclosure Agreement where required for local community engagement. Please make any necessary adjustments for your specific context and consult with your legal team prior to disseminating this document.
Non-Disclosure Agreement (NDA)
Effective Date: [Insert Date]
Expiration Date: [Insert Date or "Indefinite"]
Entered into and between: [Higher Education Institution Name], the Disclosing Party (hereafter referred to as "the HEI" or “Disclosing Party”) located at [HEI address],
and
[Local Community Organization Name], the Receiving Party (hereafter referred to as "the LCO" or “Receiving Party”) located at [LCO address].
The purpose of this Non-Disclosure Agreement (NDA) is to protect confidential and proprietary information that may be disclosed between the parties in connection with the Google.org Cybersecurity Seminars Program.
2.1. Confidential Information
"Confidential Information" refers to all non-public information disclosed by the Disclosing Party to the Receiving Party, whether in written, oral, electronic, or other forms, that is designated as confidential or that, under the circumstances surrounding disclosure, ought to be treated as confidential.
2.2. Exclusions from Confidential Information
Confidential Information does not include information that:
3.1. Use of Confidential Information
The Receiving Party agrees to use the Confidential Information solely for the purpose of [describe the specific purpose, e.g., evaluating a potential collaboration, performing research, etc.], and not for any other purpose.
3.2. Non-Disclosure
The Receiving Party agrees not to disclose the Confidential Information to any third party without the prior written consent of the Disclosing Party, except as required by law or as necessary to fulfill the purpose of this Agreement. If disclosure is necessary, the Receiving Party shall ensure that the third party is bound by confidentiality obligations no less restrictive than those contained in this NDA.
3.3. Protection of Information
The Receiving Party agrees to take all reasonable measures to protect the confidentiality of the Confidential Information, including implementing appropriate physical, electronic, and administrative safeguards.
4.1. Term
This NDA shall remain in effect from the Effective Date until the Expiration Date, or until terminated by either party with [Insert Notice Period, e.g., 30 days] written notice to the other party.
4.2. Return or Destruction of Information
Upon termination of this NDA or upon the Disclosing Party's request, the Receiving Party shall promptly return or destroy all copies of the Confidential Information in its possession and certify in writing that it has done so.
5.1. Ownership
All Confidential Information remains the property of the Disclosing Party. No license, by implication or otherwise, is granted to the Receiving Party under any patents, trademarks, copyrights, or other intellectual property rights of the Disclosing Party.
5.2. No Obligation
Nothing in this Agreement obligates either party to proceed with any transaction, business relationship, or research collaboration, and each party reserves the right to terminate discussions at any time.
6.1. Compliance with Laws
The Receiving Party agrees to comply with all applicable laws and regulations in the use, handling, and disclosure of Confidential Information.
6.2. Required Disclosure
If the Receiving Party is required by law or legal process to disclose any Confidential Information, it shall promptly notify the Disclosing Party and cooperate with the Disclosing Party in seeking a protective order or other appropriate remedy.
The Disclosing Party provides the Confidential Information "as is" and makes no representations or warranties, express or implied, regarding the accuracy, completeness, or performance of the Confidential Information.
The Receiving Party acknowledges that the unauthorized disclosure or use of Confidential Information may cause irreparable harm to the Disclosing Party. Therefore, the Disclosing Party shall be entitled to seek injunctive relief in addition to any other legal remedies available to it.
This NDA shall be governed by and construed in accordance with the laws of [Insert Jurisdiction]. Any disputes arising from or relating to this NDA shall be resolved in the courts of [Insert Jurisdiction].
10.1. Entire Agreement
This NDA constitutes the entire agreement between the parties regarding the subject matter hereof and supersedes all prior agreements and understandings, whether written or oral.
10.2. Amendments
This NDA may not be amended or modified except in writing signed by both parties.
10.3. Severability
If any provision of this NDA is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.
10.4. Assignment
Neither party may assign or transfer any rights or obligations under this NDA without the prior written consent of the other party.
By signing below, the parties acknowledge that they have read and understood this Non-Disclosure Agreement and agree to be bound by its terms.
Role (if applicable): | Name: | Signature: | Date: | |
Disclosing Party (Higher Education Institution) Representative: | ||||
Receiving Party (Local Community Organization) Representative: |
This document should be used as a preliminary basis for developing a LCO Liability Waiver to facilitate local community engagement. Please make any necessary adjustments for your specific context and consult with your legal team prior to disseminating this document.
Liability Waiver Between [Higher Education Institution Name] and [Student Name]
Effective Date: [Insert Date]
Expiration Date: [Insert Date or "Indefinite"]
Entered into and between: [Higher Education Institution Name] (hereafter referred to as "the HEI", or “the Institution”) located at [HEI address],
and
[Local Community Organization Name] (hereafter referred to as "the LCO") located at [LCO address].
The purpose of this Liability Waiver and Release Agreement is to outline the responsibilities, risks, and liabilities related to the collaboration between the Institution and the LCO in connection with the [20XX Google.org Cybersecurity Seminars Program], and to release each party from liability for any injuries, damages, or losses that may occur as a result of their involvement.
2.1. Voluntary Participation
Both the Institution and the LCO acknowledge that their participation in the [20XX Google.org Cybersecurity Seminars Program] is entirely voluntary.
2.2. Assumption of Risk
Each party understands that participation in the [20XX Google.org Cybersecurity Seminars Program] may involve inherent risks, including but not limited to [list specific risks, e.g., physical injury, property damage, cybersecurity risks, etc.]. Both parties assume full responsibility for any and all risks of injury, illness, damage, or loss that may result from their participation.
3.1. General Release
The Institution and the LCO, on behalf of themselves, their officers, employees, agents, representatives, and volunteers (collectively, "the Released Parties"), hereby release, waive, discharge, and covenant not to sue each other from any and all claims, demands, actions, causes of action, or liabilities, of any kind or nature, arising out of or in any way related to their participation in the [20XX Google.org Cybersecurity Seminars Program], including but not limited to any claims for bodily injury, illness, death, property damage, or other loss.
3.2. Specific Release for Negligence
Both the Institution and the LCO specifically understand and agree that this release includes any claims based on the negligence, action, or inaction of the other party's Released Parties, and covers bodily injury (including death) and property damage, whether suffered before, during, or after such participation.
4.1. Mutual Indemnification
The Institution agrees to indemnify, defend, and hold harmless the LCO and its Released Parties from and against any and all claims, liabilities, damages, costs, or expenses (including reasonable attorney's fees) arising out of or related to the Institution's involvement in [describe the specific activity, program, or project]. Likewise, the LCO agrees to indemnify, defend, and hold harmless the Institution and its Released Parties from and against any and all claims, liabilities, damages, costs, or expenses arising out of or related to the LCO's involvement in [describe the specific activity, program, or project].
4.2. Third-Party Claims
Both parties agree to indemnify and hold each other harmless from any claims brought by third parties arising out of or related to actions or omissions by their respective officers, employees, agents, or volunteers in connection with this Agreement.
5.1. Insurance Coverage
Both the Institution and the LCO agree to maintain adequate insurance coverage, including general liability and, if applicable, professional liability insurance, to cover any potential claims or liabilities arising from their participation in [describe the specific activity, program, or project].
5.2. Proof of Insurance
Upon request, each party agrees to provide the other with proof of insurance coverage, including policy limits and terms.
6.1. Legal and Regulatory Compliance
The Institution and the LCO agree to comply with all applicable laws, regulations, and guidelines in the performance of their duties and activities under this Agreement.
6.2. Required Disclosure
If either party is required by law or legal process to disclose any information related to this Agreement, it shall promptly notify the other party and cooperate in seeking a protective order or other appropriate remedy.
7.1. Term
This Agreement shall remain in effect from the Effective Date until the Expiration Date, or until terminated by either party with [Insert Notice Period, e.g., 30 days] written notice to the other party.
7.2. Return or Destruction of Information
Upon termination of this Agreement, each party agrees to return or destroy all confidential information belonging to the other party, as directed by the disclosing party.
This Agreement shall be governed by and construed in accordance with the laws of [Insert Jurisdiction]. Any disputes arising from or related to this Agreement shall be resolved in the courts of [Insert Jurisdiction].
9.1. Entire Agreement
This Agreement constitutes the entire understanding between the Institution and the LCO regarding the subject matter hereof and supersedes all prior agreements, understandings, or representations, whether written or oral.
9.2. Amendments
This Agreement may not be amended or modified except in writing signed by both parties.
9.3. Severability
If any provision of this Agreement is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.
9.4. Assignment
Neither party may assign or transfer any rights or obligations under this Agreement without the prior written consent of the other party.
By signing below, the parties acknowledge that they have read and understood this Liability Waiver and Release Agreement, and agree to be bound by its terms.
Role (if applicable): | Name: | Signature: | Date: | |
LCO Representative of [LCO Name]: | ||||
Higher Education Institution Representative / Supervisor: |
This document should be used as a preliminary basis for developing a Student Liability Waiver to facilitate local community engagement. Please make any necessary adjustments for your specific context and consult with your legal team prior to disseminating this document.
Liability Waiver Between [Higher Education Institution Name] and [Student Name]
Effective Date: [Insert Date]
Expiration Date: [Insert Date or "Indefinite"]
Entered into and between: [Higher Education Institution Name] (hereafter referred to as "the HEI", or “the Institution”) located at [HEI address],
and
[Participant Name] (hereafter referred to as "the Participant") located at [participant address].
The purpose of this Liability Waiver and Release Agreement is to release the Institution from liability for any injuries, damages, or losses that may occur as a result of the Participant's involvement in the [20XX] Google.org Cybersecurity Seminars Program, organized by the Institution.
2.1. Voluntary Participation
The Participant acknowledges that their participation in the [20XX] Google.org Cybersecurity Seminars Program is entirely voluntary.
2.2. Assumption of Risk
The Participant understands that participation in the [20XX] Google.org Cybersecurity Seminars Program may involve inherent risks, including but not limited to [list specific risks, e.g., physical injury, property damage, exposure to hazardous conditions, etc.]. The Participant assumes full responsibility for any and all risks of injury, illness, damage, or loss that may result from participation in this activity.
3.1. General Release
The Participant, on behalf of themselves, their heirs, assigns, and personal representatives, hereby releases, waives, discharges, and covenants not to sue the Institution, its officers, employees, agents, representatives, and volunteers (collectively, "the Released Parties") from any and all claims, demands, actions, causes of action, or liabilities, of any kind or nature, arising out of or in any way related to the Participant's participation in the [20XX] Google.org Cybersecurity Seminars Program, including but not limited to any claims for bodily injury, illness, death, property damage, or other loss.
3.2. Specific Release for Negligence
The Participant specifically understands and agrees that this release includes any claims based on the negligence, action, or inaction of the Released Parties, and covers bodily injury (including death) and property damage, whether suffered by the Participant before, during, or after such participation.
The Participant agrees to indemnify, defend, and hold harmless the Released Parties from and against any and all claims, liabilities, damages, costs, or expenses (including reasonable attorney's fees) arising out of or related to the Participant's involvement in the [20XX] Google.org Cybersecurity Seminars Program, including but not limited to claims brought by third parties.
5.1. Consent to Medical Treatment
In the event of an injury or medical emergency, the Participant authorizes the Institution to provide or arrange for emergency medical treatment as deemed necessary, at the Participant’s expense. The Participant acknowledges that the Institution does not provide medical insurance and that the Participant is responsible for any medical expenses incurred.
5.2. Medical Information
The Participant agrees to provide any relevant medical information to the Institution that may affect their participation in the activity, including any allergies, conditions, or medications.
This Agreement shall be governed by and construed in accordance with the laws of [Insert Jurisdiction]. Any disputes arising from or related to this Agreement shall be resolved in the courts of [Insert Jurisdiction].
7.1. Entire Agreement
This Agreement constitutes the entire agreement between the parties regarding the subject matter hereof and supersedes all prior agreements and understandings, whether written or oral.
7.2. Severability
If any provision of this Agreement is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.
7.3. Modification
This Agreement may not be amended or modified except in writing signed by both parties.
By signing below, the Participant acknowledges that they have read and understood this Liability Waiver and Release Agreement, and that they agree to be bound by its terms. The Participant also confirms that they are of legal age and fully competent to enter into this Agreement, or if under legal age, have obtained the consent of a parent or guardian.
Role (if applicable): | Name: | Signature: | Date: | |
Participant: | ||||
Parent / Guardian: | ||||
Higher Education Institution Representative / Supervisor: |
This document should be used as a preliminary basis for developing a Student Code of Conduct for students to follow when conducting local community engagement. Please make any necessary adjustments for your specific context and consult with your legal team prior to disseminating this document.
Student Code of Conduct Between [Higher Education Institution Name] and [Student Name]
Effective Date: [Insert Date]
Expiration Date: [Insert Date or "Indefinite"]
Entered into and between: [Higher Education Institution Name] (hereafter referred to as "the HEI") located at [HEI address],
and
[Student Name] (hereafter referred to as "the Student") located at [student address].
Welcome to the [University Name] Google.org Cybersecurity Seminars Program. As a participant, you represent our university and will interact with various local community organizations (LCOs). This Code of Conduct outlines the expectations for your behavior and performance during your involvement in the program. Adherence to this code is mandatory to ensure a professional, ethical, and safe environment for all parties involved.
Respect and Integrity: Always treat LCO staff, community members, fellow students, and university personnel with respect. Be honest and uphold the highest standards of integrity in all interactions.
Punctuality: Arrive on time for all engagements, whether on-site, remote, or at the university. Inform your supervisor and the LCO of any delays or changes to your schedule.
Dress Code: Dress appropriately for the setting, taking into account the nature of the work and the environment. When in doubt, ask your supervisor for guidance on appropriate attire.
Communication: Maintain clear and professional communication at all times. Respond to emails, messages, and calls promptly. Use secure communication channels when discussing sensitive information.
Confidential Information: Respect the confidentiality of all information accessed during your engagement. Do not disclose any sensitive or proprietary information without explicit permission.
Data Handling: Follow best practices for handling data, including encryption, secure storage, and proper disposal of unnecessary data. Do not transfer LCO data to personal devices or unsecured locations.
Access Control: Only access systems, networks, or data that you have been explicitly authorized to use. Do not share your access credentials with others.
Compliance with Laws and Policies: Adhere to all relevant laws, regulations, and university policies, including those related to cybersecurity, data protection, and privacy.
Conflict of Interest: Disclose any potential conflicts of interest to your supervisor. Avoid situations where your personal interests may conflict with your duties to the LCO or the university.
Ethical Hacking: When involved in red-team activities or vulnerability assessments, ensure you have clear authorization and follow the defined scope of work. Do not engage in unauthorized testing or exploitation of vulnerabilities.
On-Site Safety: Follow all safety guidelines provided by the LCO and the university. Use personal protective equipment (PPE) as required and be mindful of your surroundings. You may consider keeping your personal belongings secure, within sight, and not bring unnecessary valuables on site.
Remote Engagement Safety: Ensure your working environment is secure and that you use secure connections (e.g., VPNs) when accessing LCO systems remotely.
Emergency Procedures: Familiarize yourself with emergency procedures for both the university and the LCO. Know how to contact emergency services and report incidents.
Incident Reporting: Immediately report any security incidents, breaches, or unethical behavior to your supervisor or the appropriate university contact.
Feedback and Debriefing: Participate in debriefing sessions after engagements to discuss your experience, provide feedback, and identify areas for improvement.
Responsibility: Take responsibility for your actions and their impact on the LCO, the university, and the broader community. Strive to leave a positive and lasting impact.
Non-Compliance: Failure to adhere to this Code of Conduct may result in disciplinary actions, including but not limited to removal from the cybersecurity program, academic penalties, or reporting to the university’s disciplinary committee.
Appeals Process: If you believe a disciplinary action is unwarranted, you may appeal the decision through the university’s established appeals process.
By participating in the [University Name] Google.org Cybersecurity Seminars Program, you acknowledge that you have read, understood, and agree to abide by this Code of Conduct. Your commitment to these principles is essential to the success of the clinic and the trust placed in us by our community partners.
Role (if applicable): | Name: | Signature: | Date: | |
Student: | ||||
Supervisor: |
This document should be used as a preliminary basis for developing a Device and Software Protection Best Practices Document for local community engagement. Please make any necessary adjustments for your specific context and consult with your legal team prior to disseminating this document.
This document outlines best practices for safeguarding devices and software used during engagement with Local Community Organizations (LCOs). These best practices also cover data protection and communications security, data deletion and disposal, access removal, incident response and authentication. They are intended to mitigate the risks of cyberattacks, data breaches, and unauthorized access to student devices and LCO and university systems, and are critical for maintaining security and compliance throughout the project.
The Google.org Cybersecurity Seminars program supports cybersecurity seminar courses in
selected universities and other eligible higher education institutions in Europe, the Middle East, and Africa, to help students learn more about cybersecurity and explore pathways in the field.
The program actively supports the expansion of cybersecurity training in universities, to build the diverse workforce needed to help the most vulnerable organizations prevent potential cyberattacks. It also addresses new risks from artificial intelligence (AI), providing students with an understanding of AI-based changes to the cyber threat landscape and helping them effectively integrate AI into practical cybersecurity measures.
Participating universities are expected to actively promote equality, diversity, and inclusion within their programs. They should encourage the strong participation of individuals from diverse backgrounds and create an inclusive environment for education, thereby enriching the overall learning experience and strengthening the cybersecurity community.
Loading…