Data protection and security
NB: A GDPR Frequently Asked Questions document will be published shortly, giving more information about how Pupil Asset keeps your data secure.
- To meet its security requirements (specifically PCI DSS, ISO27001), Pupil Asset holds school and pupil data in a UK data centre accredited with the most stringent and SAS70 standards.
- Data transfer to and from those servers is conducted via encrypted pathways, namely SSL (HTTPS) encryption for browsers and SSH for shell administration.
- Passwords and other sensitive information are either encrypted or MD5-hashed (with salt to prevent rainbow-table-based attacks).
- Off-site overnight back-ups run daily to ensure that no data is lost in the event of failure at the primary data centre.
- Resilience is provided by a back-up server (located at a separate UK-based data centre).
- The Pupil Asset system itself has a mechanism for secure file transfer, ensuring encrypted end-to-end transmission of data to the system and/or our support team when necessary.