| Info |
|---|
Useful information Iris Looked After Call is a data processor in regards to services for our local authority customers. |
...
Working closely with the Group Data Protection Officer as needed
Our approach to product and software development ensures ‘data protection by design and by default’. Throughout our service, we are committed to maintaining high standards of information security, privacy and transparency.
...
We seek to implement the Cloud Security Principles and guidance from the National Cyber Security Centre.
To demonstrate our commitment we
...
We are Cyber Essentials Plus certified (https://www.cyberessentials.ncsc.gov.uk/ ).
We actively carry out security checks on all staff on recruitment. All staff have mandatory corporate training on data protection and information security. This is rolled out on staff induction and for existing staff each training session is refreshed at least once per year
...
All external connections to our systems are encrypted over SSL using and RSA 2048 bits DigiCert SHA2 Extended Validation certificate. All data held by Iris Looked After Call is encrypted whilst in transit . It is not currently encrypted and “at rest” , however it is and securely stored within our ISO 27001 certified UK datacentres. We are working on the technicalities to enable encryption for our databases.
At what point is data deleted?
...
Do you hold the ISO 27000:2013 Information Security Management standard?
We are not currently ISO27001 compliant, however Iris Group All Iris Looked After Call data is stored within ISO27001 certified data centres. Iris Software Group are not certified yet, however our protocols and Information Security Management System aligns align with it.
Do you have any security accreditations
Cyber Essentials Plus - certificate number: 1639251624619545 IASME-CE-004880
G-Cloud 11 12 certified
Looked After Call is regularly checked internally for security vulnerabilities and annually by a CREST accredited 3rd party penetration testing company.
...
Looked After data is securely stored within ISO/PCI compliant UK data centres - information available upon request.
How do you collect data from schools?
...
How does the automated data extractor work?
Software Most modern school management systems provide a simple way for schools to share data with 3rd parties such as Iris Looked After Call - This can often be quickly and easily set up without any installation of software within the school. It is used to read data specifically looking for Looked After Children relating to the authorities we collect for. for authorities that have provisioned our service.
Instructions on how to set this up will depend on the school management used – We integrate with all leading providers: Capita SIMS, Advanced Progresso, RM Integris, Bromcom, Scholar Pack and others. We are an accredited technical partner of Capita SIMS and have similar arrangements with other providers. Schools remain in complete control, and can terminate the automatic data sharing at any time (which would trigger our calling team to contact daily for attendance instead).
Our data extraction software requires minimal IT administration but if help is required a dedicated team of support staff are available to assist.
...