| Info |
|---|
Useful information Contact Group are data processors At a glance: Iris Looked After Call is a data processor in regards to services for our educational establishment local authority customers. ISO 27001 certificate number: 1639251624619545 : pending - certified awaiting BSI documentation |
Why are you collecting data from schools?
We partner with local authorities throughout the UK to collect and process data on their behalf specifically for looked after children in their care, to help them meet their statutory responsibility as corporate parents as set out in the Children Act 1989.
What
...
has Iris Looked After Call done to comply with GDPR?
Contact Group Iris Looked After Call is part of the Iris Software Group and benefits from its resources and expertise to help us meet our obligations to GDPR including:
...
Working closely with the Group Data Protection Officer as needed
Our approach to product and software development ensures ‘data protection by design and by default’. Throughout our service, we are committed to maintaining high standards of information security, privacy and transparency.
...
We seek to implement the Cloud Security Principles and guidance from the National Cyber Security Centre.
To demonstrate our commitment we
...
We are Cyber Essentials Plus certified (https://www.cyberessentials.ncsc.gov.uk/ ).
We actively carry out security checks on all staff on recruitment. All staff have mandatory corporate training on data protection and information security. This is rolled out on staff induction and for existing staff each training session is refreshed at least once per year
...
All external connections to our systems are encrypted over SSL using and RSA 2048 bits DigiCert SHA2 Extended Validation certificate. All data held by Contact Group Iris Looked After Call is encrypted whilst in transit. Contact Group undertakes We undertake regular internal and 3rd party security auditing of our applications and premises in order to ensure they adhere to customer expectations and current industry standards. Access to data by Contact Group Iris Looked After Call staff is strictly controlled and audited.
What policies and procedures do you have in place to protect personal data?
Contact Group holds We hold ICO registration to ensure continuing compliance with Data Protection legislation. All staff receive regular training regarding the latest best practices around data security. Contact Iris Software Group has have comprehensive Disaster Recovery policies and RTO’s pertaining to which detail processes to restore the integrity and availability its services.
...
All external connections to our systems are encrypted over SSL using and RSA 2048 bits DigiCert SHA2 Extended Validation certificate. All data held by Contact Group Iris Looked After Call is encrypted whilst in transit . It is not currently encrypted and “at rest” , however it is and securely stored within our ISO 27001 certified UK datacentres. We are working on the technicalities to enable encryption for our databases.
At what point is data deleted?
...
Do you hold the ISO 27000:2013 Information Security Management standard?
We are not currently ISO27001 compliant, however Iris Group protocols and Information Security Management System aligns with itAll Iris Looked After Call data is stored within ISO27001 certified data centres. Iris Looked After Call is certified, we are awaiting certificate from BSI.
Do you have any security accreditations
Cyber Essentials Plus - certificate number: 1639251624619545 IASME-CE-004880
G-Cloud 11 12 certified
Looked After Call is regularly checked internally for security vulnerabilities and annually by a CREST accredited 3rd party penetration testing company.
...
Looked After data is securely stored within ISO/PCI compliant UK data centres - information available upon request.
How do you collect data from schools?
We do not rely on any third-party to obtain personal data from schools. To minimise disruption, schools may choose from several different collection methods:
...
How does the automated data extractor work?
Software Most modern school management systems provide a simple way for schools to share data with 3rd parties such as Iris Looked After Call - This can often be quickly and easily set up without any installation of software within the school. It is used to read data specifically looking for Looked After Children relating to the authorities we collect for. for authorities that have provisioned our service.
Instructions on how to set this up will depend on the school management used – We integrate with all leading providers: Capita SIMS, Advanced Progresso, RM Integris, Bromcom, Scholar Pack and others. We are an accredited technical partner of Capita SIMS and have similar arrangements with other providers. The data read by processed will depend on your agreement with us – Please refer to your data processing agreementSchools remain in complete control, and can terminate the automatic data sharing at any time (which would trigger our calling team to contact daily for attendance instead).
Our data extraction software requires minimal IT administration but if help is required a dedicated team of support staff are available to assist.
What data is being processed?
Subject matter and duration of the processing | Iris Looked After Call provides data extraction and reporting services in the form of its Looked After Call product primarily used by Local Authorities in England and Wales. Services are agreed with Local Authorities for one or multi-year contracts.
|
Nature and purpose of the processing | Iris Looked After Call uses the data extracted for children in care of the authority to help virtual headteachers and other authorised agents to monitor their progress through education.
|
Type of Personal Data and Categories of data subjects | See table below |
Student Data | Parent/Carer Data | Event Data | Assessment |
Registration Data | Full Name | Attendance Marks | Exams Results |
Unique Pupil Number | Relationship | Behaviour Incidents | Assessment Results |
Full Name | Phone Numbers | Detentions | KPIs |
Registration Group | Email Addresses | Achievements |
|
Year and House Group | Addresses | Exclusion |
|
Date of Birth | Agent Details |
|
|
FSM Entitlement | Agent Phone Numbers |
|
|
Pupil Premium | Agent Emails |
|
|
School History |
|
|
|
Personal Education Plans |
|
|
|
Special Education Needs |
|
|
|
Welfare Data |
|
|
|
Are you GDPR compliant?
Contact Group Iris Looked After Call is committed to high standards of information security, privacy and transparency. We place a high priority on protecting and managing data in accordance with accepted standards including Cyber Essentials. When providing services to schools and local authorities, Contact Group Iris Looked After Call fulfils the role of data processor, and complies with GDPR regulations, whilst also working closely with our customers and partners to meet contractual obligations for our procedures, products and services.
...
Access to the Looked After Call administration and portal sites implement Single option 2 factor authentication.
Understanding the new Data Protection Laws
We would strongly recommend schools seek their own legal advice if they are unsure about the implications of the new data protection laws on their businesses.
Legal Disclaimer
The information contained on this website is for general guidance purposes only. It should not be taken for, nor is it intended as, legal advice. While we have made every effort to ensure that the information provided on this website is correct and up to date, IRIS Iris Software Group makes no promises as to completeness or accuracy and the information is delivered on an “as is” basis without any warranties, express or implied. IRIS Iris Software Group will not accept any liability for errors or omissions and will not be liable for any damage (including, without limitation, damage for loss of business or loss of profits) arising in contract, tort or otherwise from the use of or reliance on this information or from any action or decisions taken as a result of using this information.