Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

Useful informationAt a glance:

Iris Looked After Call is a data processor in regards to services for our local authority customers.

Truancy Call Ltd is part of Iris Software LtdGroup.
Heathrow Approach,
470 London Road,
Slough,
SL3 8QY

Data Protection Registration Number: Z7911829
Company Registration Number: 4125665
Cyber Essentials certificate number: IASME-CE-004880

ISO 27001 certificate number: 1639251624619545 pending - certified awaiting BSI documentation
Data Protection Officer: dataprotection@iris.co.uk

...

  • Working closely with the Group Data Protection Officer as needed

  • Our approach to product and software development ensures ‘data protection by design and by default’. Throughout our service, we are committed to maintaining high standards of information security, privacy and transparency.

...

We seek to implement the Cloud Security Principles and guidance from the National Cyber Security Centre. To demonstrate our commitment we

...


We are Cyber Essentials Plus certified (https://www.cyberessentials.ncsc.gov.uk/ ).

  • We actively carry out security checks on all staff on recruitment. All staff have mandatory corporate training on data protection and information security. This is rolled out on staff induction and for existing staff each training session is refreshed at least once per year

...

All external connections to our systems are encrypted over SSL using and RSA 2048 bits DigiCert SHA2 Extended Validation certificate. All data held by Iris Looked After Call is encrypted whilst in transit . It is not currently encrypted and “at rest” , however it is and securely stored within our ISO 27001 certified UK datacentres. We are working on the technicalities to enable encryption for our databases.

At what point is data deleted?

...

Do you hold the ISO 27000:2013 Information Security Management standard?

We are not currently ISO27001 compliant, however Iris Group protocols and Information Security Management System aligns with itAll Iris Looked After Call data is stored within ISO27001 certified data centres. Iris Looked After Call is certified, we are awaiting certificate from BSI.

Do you have any security accreditations

  • Cyber Essentials Plus - certificate number: 1639251624619545 IASME-CE-004880

  • G-Cloud 11 12 certified

  • Looked After Call is regularly checked internally for security vulnerabilities and annually by a CREST accredited 3rd party penetration testing company.

...

Looked After data is securely stored within ISO/PCI compliant UK data centres - information available upon request.

How do you collect data from schools?

...

How does the automated data extractor work?

Software Most modern school management systems provide a simple way for schools to share data with 3rd parties such as Iris Looked After Call - This can often be quickly and easily set up without any installation of software within the school. It is used to read data specifically looking for Looked After Children relating to the authorities we collect for. for authorities that have provisioned our service.
Instructions on how to set this up will depend on the school management usedWe integrate with all leading providers: Capita SIMS, Advanced Progresso, RM Integris, Bromcom, Scholar Pack and others. We are an accredited technical partner of Capita SIMS and have similar arrangements with other providers. Schools remain in complete control, and can terminate the automatic data sharing at any time (which would trigger our calling team to contact daily for attendance instead).

Our data extraction software requires minimal IT administration but if help is required a dedicated team of support staff are available to assist.

...

What data is being processed?

Subject matter and duration of the processing

Iris Looked After Call provides data extraction and reporting services in the form of its Looked After Call product primarily used by Local Authorities in England and Wales. Services are agreed with Local Authorities for one or multi-year contracts.

 

Nature and purpose of the processing

Iris Looked After Call uses the data extracted for children in care of the authority to help virtual headteachers and other authorised agents to monitor their progress through education.

 

Type of Personal Data and Categories of data subjects

See table below

Student Data

Parent/Carer Data

Event Data

Assessment

Registration Data

Full Name

Attendance Marks

Exams Results

Unique Pupil Number

Relationship

Behaviour Incidents

Assessment Results

Full Name

Phone Numbers

Detentions

KPIs

Registration Group

Email Addresses

Achievements

 

Year and House Group

Addresses

Exclusion

 

Date of Birth

Agent Details

 

 

FSM Entitlement

Agent Phone Numbers

 

 

Pupil Premium

Agent Emails

 

 

School History

 

 

 

Personal Education Plans

 

 

 

Special Education Needs

 

 

 

Welfare Data

 

 

 

Are you GDPR compliant?

Iris Looked After Call is committed to high standards of information security, privacy and transparency. We place a high priority on protecting and managing data in accordance with accepted standards including Cyber Essentials. When providing services to schools and local authorities, Iris Looked After Call fulfils the role of data processor, and complies with GDPR regulations, whilst also working closely with our customers and partners to meet contractual obligations for our procedures, products and services.

...

Access to the Looked After Call administration and portal sites implement Single option 2 factor authentication.

Understanding the new Data Protection Laws

...