Data protection and security

NB: A GDPR Frequently Asked Questions will be published shortly, giving more information about how Pupil Asset keeps your data secure. 


  • Pupil Asset security requirements (specifically PCI DSS, ISO27001), holds school and pupil data in a UK data centre accredited with the most stringent and SAS70 standards.  
  • Data transfer to and from those servers is conducted via encrypted pathways namely SSL (https) encryption for browsers, and SSH for shell administration.
  • Passwords and other sensitive information are either encrypted or MD-5 hashed (with salt to prevent rainbow-table based attacks)
  • Off-site overnight back-ups run daily to ensure that no data is lost in the event of failure at the primary data-centre.
  • Resilience is provided by a back-up server (located at a separate UK-based data centre).
  • The Pupil Asset system itself has a mechanism for secure file transfer, ensuring encrypted end-to-end transmission of data to the system and/or our support team when necessary.

Explore this section

For an instant idea of cost, use our simple widget tailored to your needs.

CALCULATE COST