How we ensure the Confidentiality, Integrity and Availability of your Data

We take our obligation to look after your data very seriously. This document outlines the steps we take to fulfil this obligations.

DELIVERY OF THE SERVICE

The Governors’ Virtual Office (GVO) is supplied by School Leadership Systems Ltd (SLS, “We”, “Us”). We work with a range of specialist specialist software suppliers and hosting services who act as sub-processors to allow us to provide you with the GVO Service.

Our principal sub-processor is LDCVia Ltd (LDC) who developed the GVO service to our specification and who run and maintain the service on the back of their LDCVia application. They in turn use a number of software products and services to deliver the Service.

CONFIDENTIALITY

Data is encrypted both at rest and in transit. Traffic between Users’ web browsers and the GVO application is encrypted via TLS - the application requires TLS 1.1 as a minimum. All back end communication for the purposes of application management and data operations happen over encrypted connections and utilises multi-factor authentication.

MongoDB pursues external testing and certifications regarding security for its Atlas service. Its System and Organisation Controls are documented here https://www.mongodb.com/cloud/trust/compliance/soc

Everyone who works with Users data, whether employees, temporary workers or agency workers has signed a commitment of confidentiality regarding the processing of that data.

INTEGRITY

All data storage takes place within MongoDB Atlas. Atlas is MongoDB’s cloud database service. Each MongoDB Atlas project is provisioned into its own Virtual Private Cloud (VPC) so data and underlying systems are isolated from all other Mongo DB Atlas instances.

As noted above MongoDB pursues external testing and certifications regarding security for its Atlas service. Its System and Organisation Controls are documented here https://www.mongodb.com/cloud/trust/compliance/soc

AVAILABILITY

How do we maintain availability of Users data…..?