Pupil Asset is hosted in geographically separate UK data centres. Our cloud hosting provider is ISO 27001 accredited. ISO 27001 is an international standard that is recognised globally for managing risks to the security of information. ISO 27001:2013 is the latest version. This standard specifies the requirements for an information security management system (ISMS). Our cloud hosting provider is part of the iomart group and holds additional certifications, all of which have supplemental security components including:
In addition to these accreditations, our cloud hosting provider is also quality assured for the following security aspects
Pupil Asset data in transit and data at rest are secured to industry standards using SHA-256 encryption with RSA-2048 signing
Passwords and other sensitive information are either encrypted or MD-5 hashed (with salt to prevent rainbow-table based attacks)
Off-site overnight back-ups run daily to ensure that no data is lost in the event of failure at the primary data-centre and a geographically separate UK data centre is available for warm failover
The Pupil Asset system itself has a mechanism for secure file transfer, ensuring encrypted end-to-end transmission of data to the system and/or our support team when necessary.