Data that is retained ensures functionality of the service such as Progress tracking (which and how much of a Webinar has been viewed for instance). These are all tied back to a User record, where we store the Users Name, Email address, Role within organisation and some other profile information such as key interests and subjects.
If a request to remove User data is received, users and their associated progress tracking information can be fully removed from the system, but that information would then be irrecoverable.
As the system operates over a web interface & browser, any of your Users could print the pages that they are on. Reports can be downloaded at a School and Trust level to be used alongside the Schools other internal Management Information Systems. Data is only downloaded by NEG staff if they are providing assistance to a nominated contact within a School.
Electronic data stored within our platform is stored within Amazon Web Services (AWS) with all the necessary data protection policies both at a network, system & human level implemented. Database storage is encrypted within AWS.
Internally all NEG endpoints are patch managed under our internal IT policies and our software platforms are kept up to date and deployed regularly.
NEG staff are manually onboarded to the platform and are always mandated to have Two Factor Authentication enabled when accessing any of NEG’s online systems. Infrastructure and data engineer access is hardware multi factor protected. Penetration tests are carried out regularly on the platform, and all developers working on the platform have long standing industry experience of working on data-critical systems. All actions within the system are audited and we have robust request monitoring to ensure that the system is not nefariously targeted.
All traffic to and from the platform is encrypted using industry standard Secure Socket Layers (SSL).
Point in time database restoration is available on a 14-day rolling window with full snapshot backups occurring daily. Database is replicated with failover instances available in other availability regions. Content is backed up across provider. Application is hosted across multiple availability zones, with auto healing infrastructure architecture.
Hierarchically, data about a School and its users is contained within that schools record. This is handled at an application logic level. The only exception to this is Trusts (School Groups) where certain users with the requisite permissions can act as a manager of schools within their group for the purpose of reporting but this is controlled by strict ACLs.
Platform data is stored in the London region of Amazon Web Services.
No data that is only accessible once logged in, can be downloaded by any robots.
Other than fields such as Name, email and job title/role, there are very few other ‘input’ fields that your staff can fill in, as the system is mostly delivering content.
All personally identifiable data about a user is stored in one database table and all related items are data are attached from that part of the database (such as progress tracking entries). All records for a unique data subject can be provided upon request.
The platform is hosted on auto scaling infrastructure which handles significant spikes in normal traffic usage patterns. Other information pertaining to our defences are in place but commercially sensitive.
School users identify with an email address & password or via Single Sign On with Microsoft 365 or Google. NEG Staff are authenticated with email address, password and two factor authentication.
All content changes have to be conducted via NEG staff who are authenticated with two factor and all code change deployments are peer reviewed by the development team before entering production.
We have robust hosting monitoring in place and have automated unit tests covering the codebase that are ran prior to any deployments.
Nothing is required to be installed on school infrastructure, other than a relatively modern browser. NEG do have an iOS and Android app available, however these are not required to use the system. They have been fully checked by both the Apple and Google development teams and programmatically talk to the main platform over an API.
Bandwidth usage of browsing the platform will be no different to browsing normal internet sites. Bandwidth usage when viewing a Webinar or Course videos will entirely depend on the quality rate that is chosen by the user.
One.
Different logs are retained for different length of time; Infrastructure logs are retained for minimum of 30 days. Application audit logs are retained indefinitely.
Via the Hub area.
Yes, we analyse which content is accessed across our platform to ensure we continue to curate and deliver relevant, useful content for our users.
