How we ensure the Confidentiality, Integrity and Availability of your Data
We take our obligation to look after your data very seriously. This document outlines the steps we take to fulfil this obligations.
DELIVERY OF THE SERVICE
The Governors’ Virtual Office (GVO) is supplied by School Leadership Systems Ltd (SLS, “We”, “Us”). We work with a range of specialist specialist software suppliers and hosting services who act as sub-processors to allow us to provide you with the GVO Service.
Our principal sub-processor is LDCVia Ltd (LDC) who developed the GVO service to our specification and who run and maintain the service on the back of their LDCVia application. They in turn use a number of software products and services to deliver the Service.
CONFIDENTIALITY
Data is encrypted both at rest and in transit. Traffic between Users’ web browsers and the GVO application is encrypted via TLS - the application requires TLS 1.1 as a minimum. All back end communication for the purposes of application management and data operations happen over encrypted connections and utilises multi-factor authentication.
MongoDB pursues external testing and certifications regarding security for its Atlas service. Its System and Organisation Controls are documented here https://www.mongodb.com/cloud/trust/compliance/soc
Everyone who works with Users data, whether employees, temporary workers or agency workers has signed a commitment of confidentiality regarding the processing of that data.
INTEGRITY
All data storage takes place within MongoDB Atlas. Atlas is MongoDB’s cloud database service. Each MongoDB Atlas project is provisioned into its own Virtual Private Cloud (VPC) so data and underlying systems are isolated from all other Mongo DB Atlas instances.
As noted above MongoDB pursues external testing and certifications regarding security for its Atlas service. Its System and Organisation Controls are documented here https://www.mongodb.com/cloud/trust/compliance/soc
AVAILABILITY
How do we maintain availability of Users data…..?