Data Security FAQs

We have at least 3 layers of firewalling (WAFs and otherwise) allowing for detection and pre-emptive protection, as well as zero-day mitigation, and numerous ACLs with access layers, as well as policy provisioning for developmental control and deployment. All users are automatically logged out after 45 minutes of inactivity.

All passwords must:

  • be at least 8 characters long
  • contain at least one lower-case letter
  • contain at least one upper-case letter
  • contain at least one number
  • contain at least one special character

Data at rest is stored in our high availability database cluster in the Ireland region of AWS (Amazon Web Services).

  • Dynamic DNS Failover
  • Full Version Control
  • Hourly Codebase / File Storage Snapshots with full recovery RPO and 60 minute RTO with 24 hour retention
  • Daily Snapshots with 3 day retention
  • Weekly Snapshot with 2 week retention
  • Monthly Snapshots with 12 month retention
  • Perpetual Data Snapshots

Yes, and we can provide details on request.

All data can be provided in CSV format with relationships defined where possible. This can be exported by users with sufficient permissions at any time.

Again, we use the processes defined by the ICO.

Yes, we are members of the British Educational Suppliers Association (BESA) and follow their industry code of conduct. Our CEO is also an Executive Council member.

We are founding members of the EdTech Evidence Group, a preferred supplier of the Association of School and College Leaders (ASCL), and members of COBIS, Fobisia and BSME.

Yes, our policy is on the website along with our Privacy Policy and Terms and Conditions.

Yes, we use specialist third-party data integration software from Groupcall and Wonde to facilitate this.

We use ‘End-to-End Encryption’. Data is encrypted in transit between the browser and the servers and back out again.