The security of information held within MyConcern is of paramount importance, both to us and to our customers. Needless to say, all of our systems, processes and behaviours are designed to achieve the best possible levels of information security.
We are registered with the Information Commissioner’s Office (ICO) and our standard contract complies with the Data Protection Act (DPA).
Consistent with the DPA, One Team Logic will act as a data processor while the customer will always remain the data controller.
Cyber Essentials Plus
We have received certification under the Cyber Essentials Plus scheme as a result of our information security standards.
Cyber Essentials Plus is a Government-backed, industry-supported scheme to help organisations protect themselves against common cyber attacks.
To achieve certification we have had to demonstrate the controls we have implemented to mitigate the risk from common internet based threats so that our customers can be assured that we have taken these essential precautions.
As part of this we undergo independent penetration testing to ensure our firewalls are as secure as they can be. We are required to re-certify annually under this scheme and cannot use this certification unless we do so.
As part of our commitment to information security One Team Logic has successfully completed ISO 27001:2013 Certification. This is the latest version of this internationally recognised information security standard.
Our processes have been independently audited and shown to be secure and operating to the highest standards. Being ISO 27001:2013 certified gives a quality assurance that sensitive information such as customer data, logins, network traffic, storage and backups are managed in a secure manner.
All deployments of MyConcern are subject to our End User Licence Agreement (EULA) and our Data Sharing Agreement (DSA), both of which support our approach to achieving the highest levels of information security.
Our DSA details the specific security measures that we implement and maintain to protect customer data. These measures meet or exceed those imposed upon data controllers in the UK through the DPA’s Seventh Principle.
Unalterable audit trails are a standard feature within MyConcern.
All data recorded by schools using MyConcern are transmitted using Secure Sockets Layer (SSL) technology – 2,048 bit SSL encrypts all data between end-users and the server. Each school’s database is fully encrypted and no data is held in human-readable form.
MyConcern is accessible securely from within a school’s network or over a secure internet connection from any web-enabled device (subject to a school’s local information security policies).
As part of the implementation process for MyConcern we provide specific guidance on good practice and the personal responsibilities of system users in relation to information security.