Do you have a documented procedure which details a plan of action in the event of a breach of data protection legislation?

Yes we have a procedure in place in case of a data breach. This information has been provided in the Governments Cloud Software Services for Schools Guide https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/644845/Cloud-services-software-31.pdf which links to our internal document here https://www.bsquared.co.uk/downloads/B%20Squared%20Ltd%20Self%20Certification%20-%208th%20Nov%202016.pdf

Where your staff have access to the personal data of ours, is there a confidentiality clause in their employment contracts?

All staff our bound by a confidentiality clause in their contracts along with additional anti-bribery enhancements to contracts of employees with root access to systems. This ensures that staff are bound during and post employment with us. We also have the additional benefit of being on a ListX Secure site which requires all of our […]

Do you have a documented Information Security Policy which obliges your organisation and all its employees and/or contractors to comply with Data Protection legislation?

We have an internal Information Security Policy which we review annually. This policy drives how we secure our own systems and our requirements for any 3rd party companies we may use to process the data which we are controllers for. This document is not available to view externally however we do have alot of information […]

Describe how our data is permanently deleted once it is no longer required in order for you to fulfil your contractual obligations.

Once the Data Retention Policy indicates that a schools data is no longer able to be stored on our servers, we start by deleting from our databases the sensitive records. This action then renders any remaining non sensitive data into an orphaned state which becomes unusable. We have a cleanup tasks that then systematically deletes […]